Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gmt-6.1.1+dfsg/src/grdmask.c
Examining data/gmt-6.1.1+dfsg/src/grdmix.c
Examining data/gmt-6.1.1+dfsg/src/inset.c
Examining data/gmt-6.1.1+dfsg/src/grdcontour.c
Examining data/gmt-6.1.1+dfsg/src/grdblend.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-1.h
Examining data/gmt-6.1.1+dfsg/src/gmt_mbsystem_glue.c
Examining data/gmt-6.1.1+dfsg/src/gmtlogo.c
Examining data/gmt-6.1.1+dfsg/src/gshhg/gshhg.h
Examining data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h
Examining data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISOLatin1+.h
Examining data/gmt-6.1.1+dfsg/src/psbasemap.c
Examining data/gmt-6.1.1+dfsg/src/gmtregress.c
Examining data/gmt-6.1.1+dfsg/src/blockmean.c
Examining data/gmt-6.1.1+dfsg/src/gshhg_version.c
Examining data/gmt-6.1.1+dfsg/src/gmt_io.c
Examining data/gmt-6.1.1+dfsg/src/gmt_grdio.h
Examining data/gmt-6.1.1+dfsg/src/mapproject.c
Examining data/gmt-6.1.1+dfsg/src/testapi_vector_strings.c
Examining data/gmt-6.1.1+dfsg/src/seis/psmeca.c
Examining data/gmt-6.1.1+dfsg/src/seis/utilmeca.h
Examining data/gmt-6.1.1+dfsg/src/seis/pssac.c
Examining data/gmt-6.1.1+dfsg/src/seis/sacio.c
Examining data/gmt-6.1.1+dfsg/src/seis/meca.h
Examining data/gmt-6.1.1+dfsg/src/seis/pscoupe.c
Examining data/gmt-6.1.1+dfsg/src/seis/utilmeca.c
Examining data/gmt-6.1.1+dfsg/src/seis/pspolar.c
Examining data/gmt-6.1.1+dfsg/src/seis/sacio.h
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix_360.c
Examining data/gmt-6.1.1+dfsg/src/gmt_types.h
Examining data/gmt-6.1.1+dfsg/src/gmt_cpt_masters.h
Examining data/gmt-6.1.1+dfsg/src/gmt_map.c
Examining data/gmt-6.1.1+dfsg/src/sphdistance.c
Examining data/gmt-6.1.1+dfsg/src/gmt_project.h
Examining data/gmt-6.1.1+dfsg/src/psclip.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-5.h
Examining data/gmt-6.1.1+dfsg/src/grdedit.c
Examining data/gmt-6.1.1+dfsg/src/grdfill.c
Examining data/gmt-6.1.1+dfsg/src/s_rint.c
Examining data/gmt-6.1.1+dfsg/src/grd2cpt.c
Examining data/gmt-6.1.1+dfsg/src/test_JL.c
Examining data/gmt-6.1.1+dfsg/src/block_subs.h
Examining data/gmt-6.1.1+dfsg/src/declspec.h
Examining data/gmt-6.1.1+dfsg/src/gmt_texture.h
Examining data/gmt-6.1.1+dfsg/src/gmtspatial.c
Examining data/gmt-6.1.1+dfsg/src/compat/qsort.c
Examining data/gmt-6.1.1+dfsg/src/compat/qsort.h
Examining data/gmt-6.1.1+dfsg/src/gmt_modern.h
Examining data/gmt-6.1.1+dfsg/src/gmt_nan.h
Examining data/gmt-6.1.1+dfsg/src/gmt_psl.h
Examining data/gmt-6.1.1+dfsg/src/gmt_ogrread.c
Examining data/gmt-6.1.1+dfsg/src/gmt_fft.c
Examining data/gmt-6.1.1+dfsg/src/gmt_error.h
Examining data/gmt-6.1.1+dfsg/src/gmt_resources.h
Examining data/gmt-6.1.1+dfsg/src/grdfft.c
Examining data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c
Examining data/gmt-6.1.1+dfsg/src/spotter/gmtpmodeler.c
Examining data/gmt-6.1.1+dfsg/src/spotter/spotter.c
Examining data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c
Examining data/gmt-6.1.1+dfsg/src/spotter/hotspotter.c
Examining data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c
Examining data/gmt-6.1.1+dfsg/src/spotter/rotsmoother.c
Examining data/gmt-6.1.1+dfsg/src/spotter/originater.c
Examining data/gmt-6.1.1+dfsg/src/spotter/spotter.h
Examining data/gmt-6.1.1+dfsg/src/spotter/polespotter.c
Examining data/gmt-6.1.1+dfsg/src/spotter/backtracker.c
Examining data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-10.h
Examining data/gmt-6.1.1+dfsg/src/testgrdio.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-14.h
Examining data/gmt-6.1.1+dfsg/src/gmt_init.c
Examining data/gmt-6.1.1+dfsg/src/makecpt.c
Examining data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c
Examining data/gmt-6.1.1+dfsg/src/gmt_mgg_header2.c
Examining data/gmt-6.1.1+dfsg/src/gmt_ellipsoids.h
Examining data/gmt-6.1.1+dfsg/src/gmt_gsformats.h
Examining data/gmt-6.1.1+dfsg/src/testapiconv.c
Examining data/gmt-6.1.1+dfsg/src/blockmode.c
Examining data/gmt-6.1.1+dfsg/src/psrose.c
Examining data/gmt-6.1.1+dfsg/src/psscale.c
Examining data/gmt-6.1.1+dfsg/src/pscoast.c
Examining data/gmt-6.1.1+dfsg/src/gmt_common.h
Examining data/gmt-6.1.1+dfsg/src/psxyz.c
Examining data/gmt-6.1.1+dfsg/src/dimfilter.c
Examining data/gmt-6.1.1+dfsg/src/grdfilter_mt.c
Examining data/gmt-6.1.1+dfsg/src/gmt_customio.c
Examining data/gmt-6.1.1+dfsg/src/postscriptlight.h
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix_360_ref.c
Examining data/gmt-6.1.1+dfsg/src/gmt_notposix.c
Examining data/gmt-6.1.1+dfsg/src/gmt_error_codes.c
Examining data/gmt-6.1.1+dfsg/src/gmt_common_runpath.h
Examining data/gmt-6.1.1+dfsg/src/grdhisteq.c
Examining data/gmt-6.1.1+dfsg/src/testgmtshell.c
Examining data/gmt-6.1.1+dfsg/src/gmtset.c
Examining data/gmt-6.1.1+dfsg/src/gmt_esri_io.c
Examining data/gmt-6.1.1+dfsg/src/testapi_vector_plot.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-8.h
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-2.h
Examining data/gmt-6.1.1+dfsg/src/grdvector.c
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix_plot.c
Examining data/gmt-6.1.1+dfsg/src/testapi_vector.c
Examining data/gmt-6.1.1+dfsg/src/gmt_colornames.h
Examining data/gmt-6.1.1+dfsg/src/gmt_common_math.h
Examining data/gmt-6.1.1+dfsg/src/testapi_usergrid.c
Examining data/gmt-6.1.1+dfsg/src/gmt_common_sighandler.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-6.h
Examining data/gmt-6.1.1+dfsg/src/gmt_dcw.c
Examining data/gmt-6.1.1+dfsg/src/trend1d.c
Examining data/gmt-6.1.1+dfsg/src/grdlandmask.c
Examining data/gmt-6.1.1+dfsg/src/gmt_sph.c
Examining data/gmt-6.1.1+dfsg/src/testgmtio.c
Examining data/gmt-6.1.1+dfsg/src/gmt_common_string.c
Examining data/gmt-6.1.1+dfsg/src/gmt_remote.h
Examining data/gmt-6.1.1+dfsg/src/grd2xyz.c
Examining data/gmt-6.1.1+dfsg/src/gmtget.c
Examining data/gmt-6.1.1+dfsg/src/PSL_Standard.h
Examining data/gmt-6.1.1+dfsg/src/gmt_media_size.h
Examining data/gmt-6.1.1+dfsg/src/grdvolume.c
Examining data/gmt-6.1.1+dfsg/src/gmt_gdalread.c
Examining data/gmt-6.1.1+dfsg/src/gmt_glib.h
Examining data/gmt-6.1.1+dfsg/src/pshistogram.c
Examining data/gmt-6.1.1+dfsg/src/gmt_internals.h
Examining data/gmt-6.1.1+dfsg/src/spectrum1d.c
Examining data/gmt-6.1.1+dfsg/src/triangulate.c
Examining data/gmt-6.1.1+dfsg/src/gmt_enum_dict.h
Examining data/gmt-6.1.1+dfsg/src/gmtwrite.c
Examining data/gmt-6.1.1+dfsg/src/project.c
Examining data/gmt-6.1.1+dfsg/src/testapi_userdataset.c
Examining data/gmt-6.1.1+dfsg/src/psldemo.c
Examining data/gmt-6.1.1+dfsg/src/grdcut.c
Examining data/gmt-6.1.1+dfsg/src/gmt_shore.h
Examining data/gmt-6.1.1+dfsg/src/filter1d.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-13.h
Examining data/gmt-6.1.1+dfsg/src/grdproject.c
Examining data/gmt-6.1.1+dfsg/src/gmt_memory.h
Examining data/gmt-6.1.1+dfsg/src/gmt_plot.h
Examining data/gmt-6.1.1+dfsg/src/gmt_nc.c
Examining data/gmt-6.1.1+dfsg/src/grdgdal.c
Examining data/gmt-6.1.1+dfsg/src/gmt_time.h
Examining data/gmt-6.1.1+dfsg/src/psxy.c
Examining data/gmt-6.1.1+dfsg/src/grdfilter.c
Examining data/gmt-6.1.1+dfsg/src/grdsample.c
Examining data/gmt-6.1.1+dfsg/src/gmtsimplify.c
Examining data/gmt-6.1.1+dfsg/src/gmt_contour.h
Examining data/gmt-6.1.1+dfsg/src/grdview.c
Examining data/gmt-6.1.1+dfsg/src/surface_experimental.c
Examining data/gmt-6.1.1+dfsg/src/gmt_unique.h
Examining data/gmt-6.1.1+dfsg/src/docs.c
Examining data/gmt-6.1.1+dfsg/src/gmt_macros.h
Examining data/gmt-6.1.1+dfsg/src/test_example1.c
Examining data/gmt-6.1.1+dfsg/src/gmtconnect.c
Examining data/gmt-6.1.1+dfsg/src/grdconvert.c
Examining data/gmt-6.1.1+dfsg/src/gmt.h
Examining data/gmt-6.1.1+dfsg/src/gmt_decorate.h
Examining data/gmt-6.1.1+dfsg/src/standard_adobe_fonts.h
Examining data/gmt-6.1.1+dfsg/src/gmt_media_name.h
Examining data/gmt-6.1.1+dfsg/src/sample1d.c
Examining data/gmt-6.1.1+dfsg/src/gmtdefaults.c
Examining data/gmt-6.1.1+dfsg/src/s_rint.h
Examining data/gmt-6.1.1+dfsg/src/psmask.c
Examining data/gmt-6.1.1+dfsg/src/greenspline.c
Examining data/gmt-6.1.1+dfsg/src/img/img2grd.c
Examining data/gmt-6.1.1+dfsg/src/gmt_sharedlibs.c
Examining data/gmt-6.1.1+dfsg/src/testapi_uservectors.c
Examining data/gmt-6.1.1+dfsg/src/grdtrack.c
Examining data/gmt-6.1.1+dfsg/src/gmtwhich.c
Examining data/gmt-6.1.1+dfsg/src/gmtvector.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISOLatin1.h
Examining data/gmt-6.1.1+dfsg/src/gmt_proj.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-3.h
Examining data/gmt-6.1.1+dfsg/src/gmt_synopsis.h
Examining data/gmt-6.1.1+dfsg/src/gmt_constants.h
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-9.h
Examining data/gmt-6.1.1+dfsg/src/splitxyz.c
Examining data/gmt-6.1.1+dfsg/src/gmt_grdio.c
Examining data/gmt-6.1.1+dfsg/src/gmt_io.h
Examining data/gmt-6.1.1+dfsg/src/gmt_vector.c
Examining data/gmt-6.1.1+dfsg/src/figure.c
Examining data/gmt-6.1.1+dfsg/src/gshhg_version.h
Examining data/gmt-6.1.1+dfsg/src/script2verbatim.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_recalc.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77magref.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_rls_coeffs.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/igrftest.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77defaults.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77path.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_codes.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_IGF_coeffs.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_e77.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_init.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77magref.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77snifferdefaults.h
Examining data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h
Examining data/gmt-6.1.1+dfsg/src/gmt2kml.c
Examining data/gmt-6.1.1+dfsg/src/gmt_hidden.h
Examining data/gmt-6.1.1+dfsg/src/pssolar.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-7.h
Examining data/gmt-6.1.1+dfsg/src/testapi_vector_io.c
Examining data/gmt-6.1.1+dfsg/src/pswiggle.c
Examining data/gmt-6.1.1+dfsg/src/testpsl.c
Examining data/gmt-6.1.1+dfsg/src/gmtinfo.c
Examining data/gmt-6.1.1+dfsg/src/grdclip.c
Examining data/gmt-6.1.1+dfsg/src/gmt_hash.h
Examining data/gmt-6.1.1+dfsg/src/potential/talwani3d.c
Examining data/gmt-6.1.1+dfsg/src/potential/grdseamount.c
Examining data/gmt-6.1.1+dfsg/src/potential/talwani2d.c
Examining data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c
Examining data/gmt-6.1.1+dfsg/src/potential/grdflexure.c
Examining data/gmt-6.1.1+dfsg/src/potential/gravfft.c
Examining data/gmt-6.1.1+dfsg/src/potential/okbfuns.h
Examining data/gmt-6.1.1+dfsg/src/potential/talwani.h
Examining data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c
Examining data/gmt-6.1.1+dfsg/src/potential/grdredpol.c
Examining data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c
Examining data/gmt-6.1.1+dfsg/src/potential/okbfuns.c
Examining data/gmt-6.1.1+dfsg/src/sphinterpolate.c
Examining data/gmt-6.1.1+dfsg/src/gmt_agc_io.c
Examining data/gmt-6.1.1+dfsg/src/nearneighbor.c
Examining data/gmt-6.1.1+dfsg/src/clear.c
Examining data/gmt-6.1.1+dfsg/src/gmt_grd.h
Examining data/gmt-6.1.1+dfsg/src/surface.c
Examining data/gmt-6.1.1+dfsg/src/gmt_ogrproj.c
Examining data/gmt-6.1.1+dfsg/src/gmt_api.c
Examining data/gmt-6.1.1+dfsg/src/postscriptlight_f77.c
Examining data/gmt-6.1.1+dfsg/src/gmtread.c
Examining data/gmt-6.1.1+dfsg/src/gmt_regexp.c
Examining data/gmt-6.1.1+dfsg/src/pscontour.c
Examining data/gmt-6.1.1+dfsg/src/gmt_pennames.h
Examining data/gmt-6.1.1+dfsg/src/gmt_bcr.c
Examining data/gmt-6.1.1+dfsg/src/gmtselect.c
Examining data/gmt-6.1.1+dfsg/src/surface_old.c
Examining data/gmt-6.1.1+dfsg/src/grdpaste.c
Examining data/gmt-6.1.1+dfsg/src/gmt_mgg_header2.h
Examining data/gmt-6.1.1+dfsg/src/pstext.c
Examining data/gmt-6.1.1+dfsg/src/sph2grd.c
Examining data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fftnd.h
Examining data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fft.c
Examining data/gmt-6.1.1+dfsg/src/kiss_fft/_kiss_fft_guts.h
Examining data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fft.h
Examining data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fftnd.c
Examining data/gmt-6.1.1+dfsg/src/grdgradient.c
Examining data/gmt-6.1.1+dfsg/src/gmt_stat.c
Examining data/gmt-6.1.1+dfsg/src/PSL_Standard+.h
Examining data/gmt-6.1.1+dfsg/src/trend2d.c
Examining data/gmt-6.1.1+dfsg/src/batch.c
Examining data/gmt-6.1.1+dfsg/src/gmt_private.h
Examining data/gmt-6.1.1+dfsg/src/gmt_error.c
Examining data/gmt-6.1.1+dfsg/src/grdmath.c
Examining data/gmt-6.1.1+dfsg/src/gmt_support.c
Examining data/gmt-6.1.1+dfsg/src/gmt_datums.h
Examining data/gmt-6.1.1+dfsg/src/gmt_modern.c
Examining data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c
Examining data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c
Examining data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c
Examining data/gmt-6.1.1+dfsg/src/xyz2grd.c
Examining data/gmt-6.1.1+dfsg/src/gmt_fft.h
Examining data/gmt-6.1.1+dfsg/src/end.c
Examining data/gmt-6.1.1+dfsg/src/psimage.c
Examining data/gmt-6.1.1+dfsg/src/gmt_gdalread.h
Examining data/gmt-6.1.1+dfsg/src/begin.c
Examining data/gmt-6.1.1+dfsg/src/blockmedian.c
Examining data/gmt-6.1.1+dfsg/src/PSL_patterns.h
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c
Examining data/gmt-6.1.1+dfsg/src/psevents.c
Examining data/gmt-6.1.1+dfsg/src/gmt_common_byteswap.h
Examining data/gmt-6.1.1+dfsg/src/gmt_prototypes.h
Examining data/gmt-6.1.1+dfsg/src/gmt_sph.h
Examining data/gmt-6.1.1+dfsg/src/subplot.c
Examining data/gmt-6.1.1+dfsg/src/gmt_dcw.h
Examining data/gmt-6.1.1+dfsg/src/gmt_common_sighandler.h
Examining data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c
Examining data/gmt-6.1.1+dfsg/src/test_walter.c
Examining data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c
Examining data/gmt-6.1.1+dfsg/src/gmt_remote.c
Examining data/gmt-6.1.1+dfsg/src/testapi_grid2matrix.c
Examining data/gmt-6.1.1+dfsg/src/pslegend.c
Examining data/gmt-6.1.1+dfsg/src/gmt_dev.h
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_binlist.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c
Examining data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c
Examining data/gmt-6.1.1+dfsg/src/gmt_defaults.h
Examining data/gmt-6.1.1+dfsg/src/gmt_common_string.h
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix_io.c
Examining data/gmt-6.1.1+dfsg/src/gmt_mb.h
Examining data/gmt-6.1.1+dfsg/src/gmt_common_math.c
Examining data/gmt-6.1.1+dfsg/src/movie.c
Examining data/gmt-6.1.1+dfsg/src/grd2kml.c
Examining data/gmt-6.1.1+dfsg/src/psconvert.c
Examining data/gmt-6.1.1+dfsg/src/gmt_gdalwrite.c
Examining data/gmt-6.1.1+dfsg/src/psternary.c
Examining data/gmt-6.1.1+dfsg/src/sphtriangulate.c
Examining data/gmt-6.1.1+dfsg/src/grdinfo.c
Examining data/gmt-6.1.1+dfsg/src/gmt_notposix.h
Examining data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c
Examining data/gmt-6.1.1+dfsg/src/gmt_error_codes.h
Examining data/gmt-6.1.1+dfsg/src/postscriptlight.c
Examining data/gmt-6.1.1+dfsg/src/grdtrend.c
Examining data/gmt-6.1.1+dfsg/src/stripack.c
Examining data/gmt-6.1.1+dfsg/src/gmt_customio.h
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-4.h
Examining data/gmt-6.1.1+dfsg/src/segy/segy_io.h
Examining data/gmt-6.1.1+dfsg/src/segy/segy2grd.c
Examining data/gmt-6.1.1+dfsg/src/segy/pssegy.c
Examining data/gmt-6.1.1+dfsg/src/segy/pssegyz.c
Examining data/gmt-6.1.1+dfsg/src/segy/segy_io.c
Examining data/gmt-6.1.1+dfsg/src/segy/segy.h
Examining data/gmt-6.1.1+dfsg/src/segy/segyreel.h
Examining data/gmt-6.1.1+dfsg/src/gmt_symbol.h
Examining data/gmt-6.1.1+dfsg/src/grdinterpolate.c
Examining data/gmt-6.1.1+dfsg/src/mergesort.c
Examining data/gmt-6.1.1+dfsg/src/gmt_parse.c
Examining data/gmt-6.1.1+dfsg/src/gmt.c
Examining data/gmt-6.1.1+dfsg/src/testapi_imageshading.c
Examining data/gmt-6.1.1+dfsg/src/grdimage.c
Examining data/gmt-6.1.1+dfsg/src/kml2gmt.c
Examining data/gmt-6.1.1+dfsg/src/gmt_cdf.c
Examining data/gmt-6.1.1+dfsg/src/PSL_strings.h
Examining data/gmt-6.1.1+dfsg/src/testapi_matrix.c
Examining data/gmt-6.1.1+dfsg/src/gmt_color_rgb.h
Examining data/gmt-6.1.1+dfsg/src/gmt_memory.c
Examining data/gmt-6.1.1+dfsg/src/fitcircle.c
Examining data/gmt-6.1.1+dfsg/src/gmtconvert.c
Examining data/gmt-6.1.1+dfsg/src/PSL_ISO-8859-15.h
Examining data/gmt-6.1.1+dfsg/src/gmtprogram.c
Examining data/gmt-6.1.1+dfsg/src/ssrfpack.c
Examining data/gmt-6.1.1+dfsg/src/gmt_plot.c
Examining data/gmt-6.1.1+dfsg/src/gmt_calclock.c
Examining data/gmt-6.1.1+dfsg/src/psldemo.h
Examining data/gmt-6.1.1+dfsg/src/gmtmath.c
Examining data/gmt-6.1.1+dfsg/src/gmt_shore.c
FINAL RESULTS:
data/gmt-6.1.1+dfsg/src/batch.c:586:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (pre_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/batch.c:721:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (post_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/batch.c:822:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (main_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/batch.c:857:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (cleanup_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/docs.c:289:6: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (URL, t, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:1030:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (plugindir, GMT_BINARY_DIR_SRC_DEBUG "/plugins", PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8011:25: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (q) {q[0] = '+'; strncat (CPT_file, q, PATH_MAX-1);} /* Add back the z-scale modifier */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10732:10: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (j) strncat (file, &name[j], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:152:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ( (len = readlink ("/proc/self/exe", result, PATH_MAX)) != -1 ) {
data/gmt-6.1.1+dfsg/src/gmt_error.h:119:2: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (str, src_line, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1073:55: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (strlen(&pch[1]) < (GMT_LEN512-strlen(tmp)-1)) strncat (tmp, &pch[1], GMT_LEN512-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4147:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (GMT->common.B.string[no], in, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12098:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (record, param, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13916:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (arg, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:906:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (GMT->current.io.curr_trailing_text, &tvalue[pos], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2768:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (buffer, sflag[virt_col], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2769:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (buffer, T[GMT->common.a.ogr[col]], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2788:40: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (S->header) {strcat (buffer, " "); strncat (buffer, S->header, GMT_BUFSIZ-1);} /* Append rest of previous header */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3334:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (message, GMT_coltype_name[k], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3372:6: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (message, GMT_coltype_name[k], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3389:6: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (message, GMT_coltype_name[k], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:350:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (B_string, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:448:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(t, pch, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6921:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(opt_J, &token[6], GMT_LEN256-1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6925:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(opt_J, &token[6], GMT_LEN256-1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_support.c:4351:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (oldshit, "+g", GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4360:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (oldshit, "+", GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4375:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (oldshit, "+", GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/movie.c:1454:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (pre_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/movie.c:1606:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (post_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/movie.c:1776:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (intro_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/movie.c:2018:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (extra, line, GMT_LEN128);
data/gmt-6.1.1+dfsg/src/movie.c:2102:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (master_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/movie.c:2228:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (main_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/movie.c:2407:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (cleanup_file, S_IRWXU)) {
data/gmt-6.1.1+dfsg/src/psconvert.c:693:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (Ctrl->C.arg, opt->arg, GMT_LEN256-1); /* Append to list of extra GS options */
data/gmt-6.1.1+dfsg/src/psternary.c:322:46: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (c && c[len] && (sofar+len) < GMT_LEN64) strncat (bopt, &c[len], GMT_LEN64-1); /* Append the rest */
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:687:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (header, sphtriangulate_unit_name (Ctrl->L.unit, Ctrl->T.active), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/spotter/gmtpmodeler.c:332:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (header, tag[k], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/spotter/gmtpmodeler.c:333:33: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
if (k < (Ctrl->S.n_items-1)) strncat (header, GMT->current.setting.io_col_separator, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:829:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat (format, &Ctrl->G.file[len], PATH_MAX-1); /* Should add the extension from said file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:417:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (track_file, (mode_t)S_RDONLY))
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:447:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (index_file, (mode_t)S_RDONLY))
data/gmt-6.1.1+dfsg/src/batch.c:445:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
run_script = system; /* The standard system function will be used */
data/gmt-6.1.1+dfsg/src/batch.c:471:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (workdir, Ctrl->W.dir);
data/gmt-6.1.1+dfsg/src/batch.c:473:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (workdir, "%s/%s", API->tmp_dir, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/batch.c:476:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (workdir, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/batch.c:509:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (datadir, "%s,%s,%s", topdir, cwd, GMT->session.DATADIR); /* Start with topdir */
data/gmt-6.1.1+dfsg/src/batch.c:511:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (datadir, "%s,%s", topdir, cwd);
data/gmt-6.1.1+dfsg/src/batch.c:519:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (init_file, "batch_init.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:527:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Static parameters set for processing sequence %s", Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/batch.c:547:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pre_file, "batch_preflight.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:594:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "cmd /C %s", pre_file);
data/gmt-6.1.1+dfsg/src/batch.c:596:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], pre_file);
data/gmt-6.1.1+dfsg/src/batch.c:597:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/batch.c:629:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-T%s -o1 -f%s --GMT_HISTORY=false T = %s", Ctrl->T.file, GMT->common.f.string, output);
data/gmt-6.1.1+dfsg/src/batch.c:631:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-T%s -o1 --GMT_HISTORY=false T = %s", Ctrl->T.file, output);
data/gmt-6.1.1+dfsg/src/batch.c:663:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Static parameters set for processing sequence %s", Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/batch.c:689:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (post_file, "batch_postflight.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:711:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (gmt_is_gmt_end_show (line)) sprintf (line, "%s", line); /* Allow show in gmt end here */
data/gmt-6.1.1+dfsg/src/batch.c:736:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "batch_params_%s", state_tag);
data/gmt-6.1.1+dfsg/src/batch.c:737:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (param_file, "%s.%s", state_prefix, extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:743:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "Parameter file for job %s", state_tag);
data/gmt-6.1.1+dfsg/src/batch.c:745:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "%s_%s", Ctrl->N.prefix, state_tag);
data/gmt-6.1.1+dfsg/src/batch.c:773:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (main_file, "batch_job.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:829:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cleanup_file, "batch_cleanup.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/batch.c:871:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "cmd /C %s %s", main_file, state_tag);
data/gmt-6.1.1+dfsg/src/batch.c:873:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %s", sc_call[Ctrl->In.mode], main_file, state_tag);
data/gmt-6.1.1+dfsg/src/batch.c:896:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "start /B %s %s %*.*d", sc_call[Ctrl->In.mode], main_file, precision, precision, job);
data/gmt-6.1.1+dfsg/src/batch.c:898:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %*.*d &", sc_call[Ctrl->In.mode], main_file, precision, precision, job);
data/gmt-6.1.1+dfsg/src/batch.c:900:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %*.*d &", sc_call[Ctrl->In.mode], main_file, precision, precision, job);
data/gmt-6.1.1+dfsg/src/batch.c:904:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/batch.c:919:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (completion_file, "%s_%*.*d.___", Ctrl->N.prefix, precision, precision, Ctrl->T.start_job+k);
data/gmt-6.1.1+dfsg/src/batch.c:920:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (completion_file, F_OK)) continue; /* Not found yet */
data/gmt-6.1.1+dfsg/src/batch.c:939:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "cmd /C %s", post_file);
data/gmt-6.1.1+dfsg/src/batch.c:941:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], post_file);
data/gmt-6.1.1+dfsg/src/batch.c:953:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
error = system (cleanup_file);
data/gmt-6.1.1+dfsg/src/batch.c:955:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], cleanup_file);
data/gmt-6.1.1+dfsg/src/batch.c:956:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
error = system (cmd);
data/gmt-6.1.1+dfsg/src/blockmean.c:497:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/blockmean.c:516:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, names[Ctrl->S.mode]); strcat (header, "[2]");
data/gmt-6.1.1+dfsg/src/blockmean.c:520:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, txt);
data/gmt-6.1.1+dfsg/src/blockmean.c:591:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/blockmedian.c:577:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/blockmedian.c:683:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/blockmode.c:704:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/blockmode.c:890:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/clear.c:80:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s", API->gwf_dir, GMT_SETTINGS_FILE);
data/gmt-6.1.1+dfsg/src/clear.c:92:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (server_dir, "%s/server", API->GMT->session.USERDIR);
data/gmt-6.1.1+dfsg/src/clear.c:104:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (current_d1, "%s/%s", server_dir, dir1[d1]); /* E.g., ~/.gmt/server/earth */
data/gmt-6.1.1+dfsg/src/clear.c:108:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (current_d2, "%s/%s/%s", server_dir, dir1[d1], dir2[d2]); /* E.g., ~/.gmt/server/earth/earth_relief */
data/gmt-6.1.1+dfsg/src/clear.c:112:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (current_d3, "%s/%s/%s/%s", server_dir, dir1[d1], dir2[d2], dir3[d3]); /* E.g., ~/.gmt/server/earth/earth_relief/earth_relief_15s_p */
data/gmt-6.1.1+dfsg/src/clear.c:143:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (current_d1, "%s/srtm1", server_dir);
data/gmt-6.1.1+dfsg/src/clear.c:144:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (current_d1, F_OK) == 0 && gmt_remove_dir (API, current_d1, false))
data/gmt-6.1.1+dfsg/src/clear.c:146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (current_d1, "%s/srtm3", server_dir);
data/gmt-6.1.1+dfsg/src/clear.c:147:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (current_d1, F_OK) == 0 && gmt_remove_dir (API, current_d1, false))
data/gmt-6.1.1+dfsg/src/clear.c:156:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (API->session_dir, F_OK)) {
data/gmt-6.1.1+dfsg/src/clear.c:163:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(del_cmd, t);
data/gmt-6.1.1+dfsg/src/clear.c:166:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (del_cmd, "rm -rf %s", API->session_dir);
data/gmt-6.1.1+dfsg/src/clear.c:169:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (del_cmd))) {
data/gmt-6.1.1+dfsg/src/docs.c:125:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name, "\'%s\'", opt->arg);
data/gmt-6.1.1+dfsg/src/docs.c:129:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, opt->arg);
data/gmt-6.1.1+dfsg/src/docs.c:168:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (view))) {
data/gmt-6.1.1+dfsg/src/docs.c:270:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (&URL[8], R_OK)) { /* File does not exists, try GMT_DOC_DIR */
data/gmt-6.1.1+dfsg/src/docs.c:273:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (&URL[8], R_OK)) { /* File does not exists, try GMT_SHARE_DIR */
data/gmt-6.1.1+dfsg/src/docs.c:276:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (&URL[8], R_OK)) { /* File does not exists, give up and use remote link */
data/gmt-6.1.1+dfsg/src/docs.c:300:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", file_viewer, URL);
data/gmt-6.1.1+dfsg/src/docs.c:302:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/docs.c:315:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (view))) {
data/gmt-6.1.1+dfsg/src/filter1d.c:317:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt, "i%s", opt->arg);
data/gmt-6.1.1+dfsg/src/fitcircle.c:547:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "L1 Small Circle Pole. Distance from Pole to L1 Small Circle (degrees): %s", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/fitcircle.c:548:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (record, GMT_LEN256, format, rad);
data/gmt-6.1.1+dfsg/src/fitcircle.c:636:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (record, GMT_LEN256, format, rad);
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:1361:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:1500:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file[kk], code[k]);
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:230:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[k], "%lf/%s", &Ctrl->C.value, p);
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:1179:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, tag[k], (int)e);
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:1224:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, tag[k]);
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:689:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (opt->arg, "%[^/]/%[^/]/%s", txt, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:702:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^+]%s", txt, txt_b); /* txt_a should be symbols size with any +<modifiers> in txt_b */
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:744:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (strchr(&opt->arg[1],'/')+1, "%lf/%s", &Ctrl->S.confidence, txt_b);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:527:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&p[1], "%[^/]/%s", T[0], T[1]) != 2) {
data/gmt-6.1.1+dfsg/src/gmt2kml.c:534:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&p[1], "%[^/]/%s", T[0], T[1]) != 2) {
data/gmt-6.1.1+dfsg/src/gmt2kml.c:541:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&p[1], "%[^/]/%s", T[0], T[1]) != 2) {
data/gmt-6.1.1+dfsg/src/gmt2kml.c:570:60: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->D.active && access (Ctrl->D.file, R_OK), "Option -D: Cannot open HTML description file %s\n", Ctrl->D.file);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:594:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (R->text + ntabs, GMT_BUFSIZ - ntabs, format, args);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1016:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s Features", name[Ctrl->F.mode]);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1108:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (description, buffer);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1116:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (description, buffer);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1233:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (item, word);
data/gmt-6.1.1+dfsg/src/gmt_agc_io.c:106:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (remark, AGCHEADINDICATOR);
data/gmt-6.1.1+dfsg/src/gmt_agc_io.c:110:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (remark, floatvalue);
data/gmt-6.1.1+dfsg/src/gmt_api.c:1007:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", GMT->init.runtime_libdir, GMT_CORE_LIB_NAME);
data/gmt-6.1.1+dfsg/src/gmt_api.c:1028:33: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( running_in_bindir_src && access (GMT_BINARY_DIR_SRC_DEBUG "/plugins", R_OK|X_OK) == 0 ) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:1057:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK))
data/gmt-6.1.1+dfsg/src/gmt_api.c:1082:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (plugindir, GMT->session.CUSTOM_LIBS);
data/gmt-6.1.1+dfsg/src/gmt_api.c:1090:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:1115:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (text, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:1639:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (revised, s[k]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5601:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, GMT->current.setting.format_float_out, GMT->current.io.curr_rec[0]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5604:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, GMT->current.setting.format_float_out, GMT->current.io.curr_rec[col]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5755:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, GMT->current.setting.format_float_out, GMT->current.io.curr_rec[0]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5758:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, GMT->current.setting.format_float_out, GMT->current.io.curr_rec[col]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:6775:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, API->GMT->init.module_name);
data/gmt-6.1.1+dfsg/src/gmt_api.c:7004:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filename, "@GMTAPI@-%c-%c-%s-%s-%c-%c-%06d", (module_input) ? 'P' : 'S', (direction == GMT_IN) ? 'I' : 'O', GMT_family_abbrev[family], GMT_family_abbrev[actual_family], gmtapi_debug_geometry_code (geometry), (messenger) ? 'Y' : 'N', object_ID);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8032:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (file, API->remote_info[k_data].ext); /* Must supply the .extension */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10731:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (file, suffix);
data/gmt-6.1.1+dfsg/src/gmt_api.c:10823:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Out->header->z_units, G->header->z_units);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11162:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, optarg);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11169:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, optarg);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11173:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, optarg);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11176:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, optarg);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11179:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, optarg);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11615:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (opt->arg[mod_pos]) strcat (txt, &opt->arg[mod_pos]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11841:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", GMT_PACKAGE_VERSION);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11845:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", API->GMT->init.runtime_bindir);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11847:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", API->GMT->session.SHAREDIR);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11849:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", API->GMT->session.DATADIR);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11851:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", API->GMT->init.runtime_plugindir);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11853:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value, "%s", API->GMT->init.runtime_library);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11867:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, gmtlib_putparameter (API->GMT, keyword));
data/gmt-6.1.1+dfsg/src/gmt_api.c:12029:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (mode % 4) sprintf (API->message, "%s | ", stamp); /* Lead with the time stamp */
data/gmt-6.1.1+dfsg/src/gmt_api.c:12033:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (API->message + source_info_len, GMT_MSGSIZ - source_info_len, format, args);
data/gmt-6.1.1+dfsg/src/gmt_api.c:12074:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (API->message, "%s | ", stamp); /* Lead with the time stamp */
data/gmt-6.1.1+dfsg/src/gmt_api.c:12087:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (API->message + source_info_len, GMT_MSGSIZ - source_info_len, format, args);
data/gmt-6.1.1+dfsg/src/gmt_api.c:13783:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, c);
data/gmt-6.1.1+dfsg/src/gmt_api.c:13839:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[8], "%*s %s %s %s %s", xx1, xx2, yy1, yy2);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:900:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date, D->format, text, ival[1], ival[2]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:902:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date, D->format, ival[0], text, ival[2]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:904:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date, D->format, ival[0], ival[1], text);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:907:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (date, D->format, ival[0], ival[1], ival[2]); /* Write date in correct order for this format */
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:926:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (clock, W->format, calendar.hour, calendar.min, i_sec, m_sec, W->ampm_suffix[ap]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:929:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (clock, W->format, calendar.hour, calendar.min, i_sec, W->ampm_suffix[ap]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:932:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (clock, W->format, calendar.hour, calendar.min, W->ampm_suffix[ap]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:935:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (clock, W->format, calendar.hour, W->ampm_suffix[ap]);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:939:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (clock, W->format, calendar.hour, calendar.min, i_sec, m_sec);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:970:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s", GMT->current.language.day_name[T->flavor][calendar.iso_d%7]);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:205:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (candidate_abs, candidate);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:206:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (candidate_abs, X_OK) == 0 ) {
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:314:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sharedir, GMT_SHARE_DIR_RELATIVE);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:353:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sharedir, GMT_SHARE_DIR_RELATIVE);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:619:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(s - 1, s);
data/gmt-6.1.1+dfsg/src/gmt_customio.c:2069:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (HH->pocket, "%[^/]/%s", driver, type);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:87:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", GMT->session.DCWDIR, name, suffix);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:88:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (path, R_OK) == 0)
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:128:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %s %[^\n]", Country[k].continent, Country[k].code, Country[k].name);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:153:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %s %[^\n]", State[k].country, State[k].code, State[k].name);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:305:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (list, GMT_DCW_country[k].code);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:316:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (list, code);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:554:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, " %s Segment %" PRIu64, msg, seg);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:560:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, label);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:561:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.io.segment_header, header);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:575:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, " -G"); strcat (header, gmtlib_putfill (GMT, sfill));
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:580:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, " -W"); strcat (header, gmt_putpen (GMT, spen));
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:585:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, label);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:689:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s [%s]", GMT_DCW_continents[k++], GMT_DCW_country[i].continent);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:695:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s\t%s", GMT_DCW_country[i].code, GMT_DCW_country[i].name);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:703:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s.%s\t%s", GMT_DCW_country[i].code, GMT_DCW_state[j].code, GMT_DCW_state[j].name);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:43:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64, GMT->current.setting.format_float_out, header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:44:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:47:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64, GMT->current.setting.format_float_out, header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:48:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:53:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64, GMT->current.setting.format_float_out, header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:54:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:57:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64, GMT->current.setting.format_float_out, header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:58:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:62:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64, GMT->current.setting.format_float_out, header->inc[GMT_X]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:63:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:337:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (record, "%*s %s", tmp) != 1) {
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:706:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN64-1, GMT->current.setting.format_float_out, grid[kk]);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:707:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (item, c);
data/gmt-6.1.1+dfsg/src/gmt_fft.c:368:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (GMT->session.CACHEDIR == NULL || access (GMT->session.CACHEDIR, R_OK|W_OK|X_OK))
data/gmt-6.1.1+dfsg/src/gmt_fft.c:378:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (wisdom_file, hostname);
data/gmt-6.1.1+dfsg/src/gmt_fft.c:401:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (*filename, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:234:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (GDLL->opts) strcat(ext_opts, GDLL->opts);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:41:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s:%s/%s", gdal_filename, GMT->session.CACHEDIR, &c[1]);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:234:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s=%s", file, GMT->session.shorthand[i].format);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:237:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fname, file);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:240:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fname, file);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1100:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (HH->name, "%[^?]?%s", tmp, HH->varname); /* Strip off variable name */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1111:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (HH->name, "%[^?]?%s", tmp, HH->varname); /* Strip off variable name */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1156:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (HH->name, "%[^?]?%s", tmp, HH->varname) > 1)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2023:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header->command, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:565:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, &c[1]); /* Pass out the directive argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:569:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argument, text); /* Not a directive, pass out the argument as is */
data/gmt-6.1.1+dfsg/src/gmt_init.c:632:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (orig, opt->arg); /* Retain a copy of current option arguments */
data/gmt-6.1.1+dfsg/src/gmt_init.c:633:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (copy, opt->arg); /* Retain another copy of current option arguments */
data/gmt-6.1.1+dfsg/src/gmt_init.c:674:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (add, "%c%s", code, argument); /* Prepend the directive code */
data/gmt-6.1.1+dfsg/src/gmt_init.c:676:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (add, "%s", argument);
data/gmt-6.1.1+dfsg/src/gmt_init.c:677:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new_arg, add); /* Add string to the short-format option argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:686:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (add, "+%c%s", code, argument); /* Append modifier with argument next to it (may be empty) */
data/gmt-6.1.1+dfsg/src/gmt_init.c:691:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new_arg, add); /* Add to the short-format option argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:696:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new_arg, sep); /* Add to the short-format option argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1112:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (p, "%[^=]=%s", A, name) != 2) return (GMT_PARSE_ERROR); /* Did not get two items */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1116:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, p);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1545:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new, term);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1552:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new, term);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1733:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (report, piece);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2296:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&p[1], "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:2305:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&p[1], "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c) < 2) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:2602:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, trans);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2668:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %s %s %s %s", a, b, c, d, e) != 5) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:2717:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
answer = (access (file, F_OK) == 0); /* true if subplot information file is found */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2723:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
answer = (access (file, F_OK) == 0); /* true if current panel file is found */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2741:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) return (GMT_NOERROR); /* No inset active */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2766:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) inset->first = true; /* First time plotting in the inset */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2802:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return; /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2806:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tag, ".%d.panel.%s", fig, panel);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2809:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return; /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2815:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return; /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2822:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return; /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2860:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (!access (cwd, W_OK)) /* Current directory is writable */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2898:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %[^\n]", option, value) != 2) continue; /* Quietly skip malformed lines */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2958:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (!access (cwd, W_OK)) /* Current directory is writable */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3053:54: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((this_c = getenv ("GMT6_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT6_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3055:59: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if ((this_c = getenv ("GMT5_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT5_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3057:58: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if ((this_c = getenv ("GMT_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3064:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (!access (GMT_SHARE_DIR, F_OK|R_OK)) /* Found in hardcoded GMT_SHARE_DIR pointing to an existent directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3106:52: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((this_c = getenv ("GMT_USERDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_USERDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3126:53: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((this_c = getenv ("GMT_CACHEDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_CACHEDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3147:55: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((this_c = getenv ("GMT_SESSIONDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_SESSIONDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3180:52: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((this_c = getenv ("GMT_CPTDIR")) != NULL && !access (this_c, F_OK|R_OK)) { /* GMT_CPTDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3204:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (access (this_c, R_OK) == 0) { /* GMT_DATADIR was set to a single valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3229:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (this_c, R_OK|W_OK|X_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:3296:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (out, in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3377:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (x_info, in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3378:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (y_info, in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3425:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (S->text[row], "%s", type);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4146:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->common.B.string[no], group_sep);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4291:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, orig_string); /* Make a copy of string as it gets messed with below */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4858:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%s", txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4860:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4879:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%s", txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4881:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%s", txt_a, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4883:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4901:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4939:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_d);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4941:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4946:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4948:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5001:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_d);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5003:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5008:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5010:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5065:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf(args+i, "%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%s",
data/gmt-6.1.1+dfsg/src/gmt_init.c:5167:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%lf/%s", txt_a, txt_b, &az, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5174:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5189:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5213:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (args, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5310:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&text[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5660:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%c %d %s %s %s", &dwu, &i, full, abbrev, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5933:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.ps_convert, GMT_SESSION_CONVERT);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5950:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.io_head_marker_in, DEF_HEADER_MARKERS); /* Accept GMT or MATLAB header records or comments or quoted text */
data/gmt-6.1.1+dfsg/src/gmt_init.c:6141:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (buf, "%s %lf %*d", fullname, &GMT->session.font[i].height) != 2) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:6201:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %lg %lg", media, &w, &h) != 3) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:8371:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
got = sscanf (&p[1], "%" PRIu64, stop) + 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8375:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
got = sscanf (p, "%" PRIu64 " %" PRIu64, start, stop);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8384:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
got = sscanf (&p[1], "%" PRIu64 ":%" PRIu64, &inc, stop) + 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8387:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
got = sscanf (p, "%" PRIu64 ":%" PRIu64 ":%" PRIu64, start, &inc, stop);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8432:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (arg, "%s %s", A, B); /* Split into A and B strings */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9246:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s = %[^\n]", keyword, value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9335:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, map_annot_oblique_item[0]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9342:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, map_annot_oblique_item[k]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9832:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
i = sscanf (value, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9867:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
i = sscanf (lower_value, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9901:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
i = sscanf (value, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9906:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
i = sscanf (value, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10284:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.io_head_marker_in, DEF_HEADER_MARKERS); /* Handle GMT and MATLAB headers and comments */
data/gmt-6.1.1+dfsg/src/gmt_init.c:10290:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (value, "%[^,],%s", txt[GMT_IN], txt[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10295:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.io_head_marker_in, txt[GMT_IN]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10326:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
else if ((i = sscanf (value, "%" PRIuS " , %" PRIuS, /* Chunk size: vert,hor */
data/gmt-6.1.1+dfsg/src/gmt_init.c:10388:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (value, "%[^,],%s", txt[GMT_IN], txt[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11210:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (value, tmp);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11641:72: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%s,", GMT->current.setting.io_head_marker_in); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11642:72: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%c", GMT->current.setting.io_head_marker_out); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11645:72: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%c", GMT->current.setting.io_head_marker_out); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11673:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (value, GMT_LEN256, "%" PRIuS ",%" PRIuS, /* chunk size: lat,lon */
data/gmt-6.1.1+dfsg/src/gmt_init.c:11700:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (value, GMT_LEN256, "%" PRIu64, GMT->current.setting.n_bin_header_cols);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11707:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%c,", GMT->current.setting.io_seg_marker[GMT_IN]); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11709:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%c", GMT->current.setting.io_seg_marker[GMT_OUT]); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11713:75: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (txt, 8U, "%c", GMT->current.setting.io_seg_marker[GMT_IN]); strcat (value, txt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11835:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (value, GMT_BUFSIZ, "%" PRIu64, (uint64_t)GMT->current.setting.url_size_limit);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12125:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, GMT_SETTINGS_FILE);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12344:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (line, GMT->current.setting.ref_ellipsoid[i].name);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12352:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (name, "%lf,%s", &GMT->current.setting.ref_ellipsoid[i].eq_radius, line);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12382:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (line, "%s %d %lf %lf %lf", GMT->current.setting.ref_ellipsoid[i].name,
data/gmt-6.1.1+dfsg/src/gmt_init.c:12627:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) { /* Panel selection file not available so we are not doing subplots */
data/gmt-6.1.1+dfsg/src/gmt_init.c:12760:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) { /* Subplot information file not available */
data/gmt-6.1.1+dfsg/src/gmt_init.c:12802:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) { /* Subplot information file not available */
data/gmt-6.1.1+dfsg/src/gmt_init.c:12844:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (line, "%*d %*d %*d %*d %*d %lg %lg %lg %lg %s %lg %lg %lg %lg %s %s %s %s",
data/gmt-6.1.1+dfsg/src/gmt_init.c:13033:17: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
if ((file = mktemp (tmpfile)) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13253:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (r_code, E->arg); /* Append country codes only */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13269:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
default: strcat (e_code, "+"); strcat (e_code, p); break; /* Append as is */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13276:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (r_opt[0]) strcat (r_code, r_opt); /* This string is returned back for possible use by -R */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13410:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK)) /* No gmt.canvas file available for current figure so return 0 */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13505:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (arg, &c[1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13508:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (arg, sclY); /* Append the y scale/height */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13532:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Bfile, "%s/gmt.B.%d.%d.%d", API->gwf_dir, fig, row, col);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13539:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Bfile, "%s/gmt.B.%d.%d.%d", API->gwf_dir, fig, row, col);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13540:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (Bfile, F_OK) == 0) { /* Return true if file is found */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13928:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (arg, opt->arg); /* Start with what we were given */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13931:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (c[0] == '\0') strcat (arg, P->Bxlabel); /* Yes, +l was empty so add preset label */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13935:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (arg, P->Bxlabel);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13949:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (arg, opt->arg); /* Start with what we were given */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13952:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (c[0] == '\0') strcat (arg, P->Bylabel); /* Yes, +l was empty so add preset label */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13956:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (arg, P->Bylabel);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13976:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (P->Bxlabel[0]) {strcat (arg, "+l"); strcat (arg, P->Bxlabel);} /* Add label, if active */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13983:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (P->Bylabel[0]) {strcat (arg, "+l"); strcat (arg, P->Bylabel);} /* Add label, if active */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14088:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s", opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14089:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (file, API->remote_info[k_data].ext);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14152:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s%s", list, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14236:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (RG, tmp);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14240:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (RG, tmp);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14649:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (text, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14686:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (text, "%c%s", &symbol_type, text_cp);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14691:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (text, "%c%s %s", &symbol_type, text_cp, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14699:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{strcat(text_cp, "/"); strcat(text_cp, txt_a);col_off++;}
data/gmt-6.1.1+dfsg/src/gmt_init.c:14705:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text_cp, "/"); strcat(text_cp, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14725:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&text[one], "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14804:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (text_cp, "%c%[^/]/%s", &symbol_type, txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14828:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (text_cp, "%c%s", &symbol_type, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14850:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (text, "%c%[^/]/%s", &symbol_type, txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14858:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (text, "%c%[^/]/%s", &symbol_type, txt_a, txt_b); /* Redo since we need txt_b without modifiers */
data/gmt-6.1.1+dfsg/src/gmt_init.c:15063:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&text_cp[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15331:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&text[one], "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15692:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dest, "EPSG:%s", item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15694:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dest, "%s", item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15696:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (dest, "%s", item_t1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15771:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (wktext[0]) strcat(dest, wktext); /* Append a +wktext to make this projection recognized by GDAL */
data/gmt-6.1.1+dfsg/src/gmt_init.c:15815:61: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (q) args[0] = item[0]; strcat (args, "af"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15818:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (q) args[0] = item[0]; strcat (args, "xaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15821:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (q) args[0] = item[0]; strcat (args, "yaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15824:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (q) args[0] = item[0]; strcat (args, "zaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15827:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (args, item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16450:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (dir, F_OK) == 0) { /* ... if it exists */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16622:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (line, GMT_BUFSIZ, format, args);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16641:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (message + source_info_len, GMT_BUFSIZ - source_info_len, format, args);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16655:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (dir, F_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16692:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (mode == 0 && access (line, F_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16721:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, F_OK)) { /* Use default session name and format */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16722:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (prefix, GMT_SESSION_NAME);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16723:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (formats, gmt_session_format[API->GMT->current.setting.graphics_format]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16733:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (file, "%s %s\n", prefix, formats)) < 1) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16739:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (formats, gmt_session_format[API->GMT->current.setting.graphics_format]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16773:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (line, "%d %s %s %s", &fig[k].ID, fig[k].prefix, fig[k].formats, fig[k].options)) < 3) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16943:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (cmd, F_OK)) { /* No such file, check if the fully baked file is there instead */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16946:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (cmd, F_OK)) { /* No such file ether, give up; warn if a fig set via gmt figure (k > 0) and it is not the movie_background case which may not have a plot to go with it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16982:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, option);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16983:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (p[0] == 'D') strcpy (dir, &p[1]); /* Needed in show */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16995:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, option);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16996:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (p[0] == 'D') strcpy (dir, &p[1]); /* Needed in show */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17014:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ext, gmt_session_format[gcode[f]]); /* Set extension */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17066:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK)) /* No gmt.current file available so return 0 */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17144:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (arg, "%s %s %s", prefix, formats, options);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17272:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK) == 0)
data/gmt-6.1.1+dfsg/src/gmt_init.c:17325:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK)) { /* Must create this legend file */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17443:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&file[2], "%*s %s\n", justification);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17447:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&file[2], "%*s %s %s %s\n", pen, fill, off);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17449:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&file[2], "%*s %s\n", dim);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17453:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&file[2], "%*s %s\n", dim);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17457:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (file, "%*s %*s %*s %s %*s %*s %*s %[^\n]\n", size, label);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17541:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, R_OK)) /* subplot end was never called */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17778:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (token, text); /* Add explicit last column to include */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17779:40: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (GMT->common.i.string[k+1] == ',') strcat (token, &GMT->common.i.string[k+1]); /* Probably trailing text selections */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17796:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (token, text); /* Add explicit last column to include */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17797:40: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (GMT->common.o.string[k+1] == ',') strcat (token, &GMT->common.o.string[k+1]); /* Probably trailing text selections */
data/gmt-6.1.1+dfsg/src/gmt_io.c:364:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", savedpath, F->d_name);
data/gmt-6.1.1+dfsg/src/gmt_io.c:368:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", savedpath, file);
data/gmt-6.1.1+dfsg/src/gmt_io.c:905:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (nt) strcat (GMT->current.io.curr_trailing_text, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmt_io.c:924:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (item, " %s[%s]", GMT->common.a.name[k], GMT_type[GMT->common.a.type[k]]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:925:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, item);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1138:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, f, fabs(geo));
data/gmt-6.1.1+dfsg/src/gmt_io.c:1139:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, suffix[is_lat][k]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1142:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, f, geo);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1162:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, m, s, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1164:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, m, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1166:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1169:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, m, s, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1171:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, m, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1173:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (&text[minus], GMT->current.io.geo.y_format, d, hemi);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2216:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = sscanf (s, GMT->current.io.clock_input.format, &hh, &mm, &ss);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2243:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((n = sscanf (s, GMT->current.io.date_input.format, &ival[0], &ival[1], &ival[2])) <= 0) return (-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2269:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ( (k = sscanf (s, GMT->current.io.date_input.format,
data/gmt-6.1.1+dfsg/src/gmt_io.c:2291:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = sscanf (s, GMT->current.io.date_input.format, month, &ival[GMT->current.io.date_input.item_order[1]],
data/gmt-6.1.1+dfsg/src/gmt_io.c:2295:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = sscanf (s, GMT->current.io.date_input.format, &ival[GMT->current.io.date_input.item_order[0]], month,
data/gmt-6.1.1+dfsg/src/gmt_io.c:2299:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
k = sscanf (s, GMT->current.io.date_input.format, &ival[GMT->current.io.date_input.item_order[0]],
data/gmt-6.1.1+dfsg/src/gmt_io.c:2312:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
else if ((k = sscanf (s, GMT->current.io.date_input.format, &ival[GMT->current.io.date_input.item_order[0]],
data/gmt-6.1.1+dfsg/src/gmt_io.c:3590:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.io.curr_trailing_text, line);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3736:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (open_mode, (append) ? GMT->current.io.a_mode : GMT->current.io.w_mode);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3740:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (open_mode, (append) ? "a" : "w");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3818:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (tmpfile, PATH_MAX, file, TH->id, seg);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3820:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (tmpfile, PATH_MAX, file, SH->id);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4012:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
in = sscanf (&varnm[i][j+1], "%" SCNuS ",%" SCNuS ",%" SCNuS ",%" SCNuS, &GMT->current.io.t_index[i][1],
data/gmt-6.1.1+dfsg/src/gmt_io.c:4129:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (true); /* Readable */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4373:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (GMT->current.io.tempfile[0] && !access (GMT->current.io.tempfile, F_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4587:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (open_mode, (append) ? GMT->current.io.a_mode : GMT->current.io.w_mode);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4589:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (open_mode, (append) ? "a" : "w");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4659:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (tmpfile, PATH_MAX, file, TH->id);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4730:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4734:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GMT->current.io.filename[GMT_IN], "%s <converted from %s via ogr2ogr>", GMT->current.io.tempfile, c);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4783:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, skip);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4799:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, s); /* ...and append to message */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4808:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, skip);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4925:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (stem, R_OK)) return (strcpy (path, stem)); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4925:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!access (stem, R_OK)) return (strcpy (path, stem)); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4932:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", GMT->session.TMPDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4933:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4939:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (stem, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4941:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (strcpy (path, stem)); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4947:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", GMT->session.HOMEDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4949:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4956:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/server/srtm1/%s", GMT->session.USERDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4958:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/server/srtm3/%s", GMT->session.USERDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4960:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", GMT->session.USERDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4962:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4966:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/server/%s", GMT->session.USERDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4968:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:4975:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", GMT->session.CACHEDIR, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4977:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:5007:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (stem, F_OK)) { /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_io.c:5009:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5051:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", dir, stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5052:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
found = (!access (path, F_OK));
data/gmt-6.1.1+dfsg/src/gmt_io.c:5066:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
found = (!access (path, F_OK));
data/gmt-6.1.1+dfsg/src/gmt_io.c:5079:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/", udir[3], subdir[d]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5083:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/%s/%s", udir[3], subdir[d], subsubdir[s], stem);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5084:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
found = (!access (path, F_OK));
data/gmt-6.1.1+dfsg/src/gmt_io.c:5115:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s%s", stem, suffix);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5116:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, mode)) return (path); /* Yes, found it in current directory */
data/gmt-6.1.1+dfsg/src/gmt_io.c:5130:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", GMT->session.USERDIR, stem, suffix);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5131:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, mode)) return (path);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/%s%s", GMT->session.USERDIR, subdir, stem, suffix);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5135:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, mode)) return (path);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5142:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/%s%s", GMT->session.SHAREDIR, subdir, stem, suffix);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5143:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5149:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", GMT->session.SHAREDIR, stem, suffix);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5150:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5207:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, cleanfile);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5210:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access (file, mode)); /* When writing, only look in current directory */
data/gmt-6.1.1+dfsg/src/gmt_io.c:5217:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (file, GMT->parent->remote_info[k_data].ext); /* Must supply the .extension */
data/gmt-6.1.1+dfsg/src/gmt_io.c:5295:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.io.curr_trailing_text, GMT->current.io.curr_text);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5371:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s", tclock);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5373:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s", date);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5375:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%sT%s", date, tclock);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5401:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (item, GMT_LEN16, tformat[k0], n[k0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5402:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, item);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5410:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, item);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5436:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.io.o_format[col], x);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5438:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, x);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5459:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, x);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5876:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (sep & 1) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5877:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, word);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5878:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (sep & 2) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5894:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (sep & 1) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5895:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, word);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5896:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (sep & 2) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6405:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[0][0]) strcat (S->format, S->delimiter[0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6407:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6409:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[1][0]) strcat (S->format, S->delimiter[1]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6412:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6415:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6420:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6425:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6426:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6469:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[0][0]) strcat (S->format, S->delimiter[0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6471:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s ");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6472:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6480:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6482:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[1][0]) strcat (S->format, S->delimiter[1]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6484:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6494:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (S->format, "%%3s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6499:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (S->format, "%%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6506:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[0][0]) strcat (S->format, S->delimiter[0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6512:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%3s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6516:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (fmt, "%%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6522:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6524:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S->delimiter[1][0]) strcat (S->format, S->delimiter[1]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6527:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6532:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6555:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (S->x_format, "%s", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6556:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (S->y_format, "%s", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6563:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, S->delimiter[0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6564:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, S->delimiter[0]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6566:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6567:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6570:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, S->delimiter[1]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6571:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, S->delimiter[1]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6573:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6574:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6578:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6579:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6582:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6583:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->x_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6584:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (S->y_format, fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6606:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf (S->x_format, "%s", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6607:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (S->y_format, "%s", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6630:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[0][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6631:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[0][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6641:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[1][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6642:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[1][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6649:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[1][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6656:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[1][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6657:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[1][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6667:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6668:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6678:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6679:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6686:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6693:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][0], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6694:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (GMT->current.plot.format[2][1], fmt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6803:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (s, "%s %s", calstring, clockstring);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7185:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (G && G->tvalue && G->tvalue[0]) { strcpy (label, G->tvalue[0]); return ;} /* Had an OGR segment label */
data/gmt-6.1.1+dfsg/src/gmt_io.c:7201:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[i], "%s", label);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7206:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (!done) sscanf (&line[i], "%s", label);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7282:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, txt);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s[0]\t%s[1]", xy[mode][ix], xy[mode][iy]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7584:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (open_mode, GMT->current.io.r_mode);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7934:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Din->table[tbl]->header) strcat (T->header[hdr], Din->table[tbl]->header[hdr]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8699:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (out, G->tvalue[id]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8719:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, F_OK)) return NULL; /* Quietly skip non-existent directories */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8746:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, F_OK)) return NULL; /* Quietly skip non-existent directories */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8786:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, F_OK)) return NULL; /* Quietly skip non-existent directories */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8815:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, F_OK)) return NULL; /* Quietly skip non-existent directories */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8866:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, F_OK) && remove (file)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:8970:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (_path, path); /* Copy string so its mutable */
data/gmt-6.1.1+dfsg/src/gmt_map.c:6666:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (tmp, GMT_LEN16, "a%g", T->interval); strcat (string, tmp);
data/gmt-6.1.1+dfsg/src/gmt_map.c:6667:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (is_time) T->unit = unit, strcat (string, sunit);
data/gmt-6.1.1+dfsg/src/gmt_map.c:6675:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (tmp, GMT_LEN16, "f%g", T->interval); strcat (string, tmp);
data/gmt-6.1.1+dfsg/src/gmt_map.c:6676:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (is_time) T->unit = unit, strcat (string, sunit);
data/gmt-6.1.1+dfsg/src/gmt_map.c:6683:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
snprintf (tmp, GMT_LEN16, "g%g", T->interval); strcat (string, tmp);
data/gmt-6.1.1+dfsg/src/gmt_map.c:6684:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (is_time) T->unit = unit, strcat (string, sunit);
data/gmt-6.1.1+dfsg/src/gmt_map.c:8794:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (text, "%[^:]:%s", ellipsoid, dr) != 2) {
data/gmt-6.1.1+dfsg/src/gmt_memory.c:661:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (p) { strcpy(p, s); }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:63:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pshistogram", 11U)) { strcpy (modname, module); return "histogram"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:64:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psternary", 9U)) { strcpy (modname, module); return "ternary"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:65:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pscontour", 9U)) { strcpy (modname, module); return "contour"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:66:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psbasemap", 9U)) { strcpy (modname, module); return "basemap"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:67:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psevents", 8U)) { strcpy (modname, module); return "events"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:68:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pswiggle", 8U)) { strcpy (modname, module); return "wiggle"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:69:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pslegend", 8U)) { strcpy (modname, module); return "legend"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:70:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pssegyz", 7U)) { strcpy (modname, module); return "segyz"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:71:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pssolar", 7U)) { strcpy (modname, module); return "solar"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:72:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psscale", 7U)) { strcpy (modname, module); return "colorbar"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:73:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pspolar", 7U)) { strcpy (modname, module); return "polar"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:74:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psimage", 7U)) { strcpy (modname, module); return "image"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:75:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pscoupe", 7U)) { strcpy (modname, module); return "coupe"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:76:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pscoast", 7U)) { strcpy (modname, module); return "coast"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:77:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psvelo", 6U)) { strcpy (modname, module); return "velo"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:78:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pssegy", 6U)) { strcpy (modname, module); return "segy"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:79:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pstext", 6U)) { strcpy (modname, module); return "text"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:80:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psmeca", 6U)) { strcpy (modname, module); return "meca"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:81:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psrose", 6U)) { strcpy (modname, module); return "rose"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:82:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psmask", 6U)) { strcpy (modname, module); return "mask"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:83:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psclip", 6U)) { strcpy (modname, module); return "clip"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:84:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "pssac", 5U)) { strcpy (modname, module); return "sac"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:85:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psxyz", 5U)) { strcpy (modname, module); return "plot3d"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:86:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (!strncmp (module, "psxy", 4U)) { strcpy (modname, module); return "plot"; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:87:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modname, module);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:532:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (coord, (gmt_M_x_is_lon (GMT, GMT_OUT)) ? "lon" : (gmt_M_type (GMT, GMT_OUT, GMT_X) & GMT_IS_RATIME) ? "time" : "x");
data/gmt-6.1.1+dfsg/src/gmt_nc.c:536:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (coord, (gmt_M_y_is_lat (GMT, GMT_OUT)) ? "lat" : (gmt_M_type (GMT, GMT_OUT, GMT_Y) & GMT_IS_RATIME) ? "time" : "y");
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1900:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (gfile, file, layer[k]);
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:488:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
# define access _access
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:516:10: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
# define mktemp _mktemp
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:531:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
# define popen _popen
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:539:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:539:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:541:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf(s, n, format , ...) sprintf(s, format , ##__VA_ARGS__)
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:541:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
# define snprintf(s, n, format , ...) sprintf(s, format , ##__VA_ARGS__)
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:545:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:547:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf(s, n, format, arg) vsprintf(s, format, arg)
data/gmt-6.1.1+dfsg/src/gmt_notposix.h:547:39: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
# define vsnprintf(s, n, format, arg) vsprintf(s, format, arg)
data/gmt-6.1.1+dfsg/src/gmt_parse.c:349:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (B_string[0]) strcat (B_string, B_delim); /* Add RS separator between args */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:615:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (&args[arg][first_char], F_OK)) { /* File does not exist; revert to writing to new output file */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:631:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t, "+%s", this_arg);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:778:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt[arg], buffer);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:865:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (txt, buffer);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:954:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (&buffer[out], arg); /* Insert the given arg instead */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2137:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, GMT->current.setting.format_float_map);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2230:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.format_float_map, format);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2446:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, GMT->current.setting.format_float_map);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2504:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.format_float_map, format);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2732:51: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if ((strlen (opt->arg) + length) < GMT_LEN1024) strcat (outstring, opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3203:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, s->string);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, GMT->current.io.curr_trailing_text);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3213:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, word);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3216:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, GMT->current.io.curr_trailing_text);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3230:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, tmp);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3248:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (tmp, GMT_LEN64, GMT->current.setting.format_float_out, size[n]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3249:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, tmp);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5984:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt, format);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6695:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (scale_c[0] != '\0') strcat (szProj4, scale_c); /* Add the width/scale found above */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6758:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6759:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6762:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (lon_0[0]) strcat(opt_J, lon_0), strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6787:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_1); strcat (opt_J, "/"); strcat(opt_J, lat_1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6787:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_1); strcat (opt_J, "/"); strcat(opt_J, lat_1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6788:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_2); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6788:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_2); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6792:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lonc); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6792:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lonc); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6793:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, alpha); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6831:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, t);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6867:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6867:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6868:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lat_1); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6868:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lat_1); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6871:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6871:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6903:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6903:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7003:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GMT->current.setting.ref_ellipsoid[GMT->current.setting.proj_ellipsoid].name, "%s", ename);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7008:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szProj4, t); /* Append to the proj4 string so that the +towgs84 case below will handle this */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7028:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s:%s", ename, txt); /* Create an ellip:dx,dy,dz string */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7030:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%12g,%.10f:%s",
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7080:46: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (gmt_strtok (pch, " \t+", &pos, token)) sprintf(scale_c, "%s", &token[6]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7088:46: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (gmt_strtok (pch, " \t+", &pos, token)) sprintf(scale_c, "%sW", &token[6]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7097:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(opt_J, "/%s", scale_c);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7099:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(opt_J, scale_c); /* Append the scale */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7252:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7537:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (region, "-R%s", &label[k]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7540:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (region, label);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7546:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -JX%gi/0.0001i -Baf%s -B%c -X0 -Y0 --MAP_FRAME_PEN=%s --FONT_ANNOT_PRIMARY=+%s --GMT_HISTORY=false", region, width, unit, axis, P1, gmt_putfont (GMT, F));
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7548:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -JX%gi/0.0001i -Bf%s -B%c -X0 -Y0 --MAP_FRAME_PEN=%s --GMT_HISTORY=false", region, width, unit, axis, P1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7640:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, R_OK) && (fpl = fopen (file, "r"))) { /* File exists and could be opened for reading */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7910:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((kk = sscanf (movie_item_arg[k][T], "%*c %lg %lg %*s %*s %d %lg %lg %s %*s %s %*s %s %[^\n]", &plot_x, &plot_y, &justify, &clearance[GMT_X], &clearance[GMT_Y], PP, FF, font, label)) != 9) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7973:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((kk = sscanf (movie_item_arg[k][T], "%c %lg %lg %lg %lg %d %lg %lg %s %s %s %s %s %[^\n]", &kind, &plot_x, &plot_y, &t, &width, &justify, &clearance[GMT_X], &clearance[GMT_Y], P1, P2, F1, F2, font, label)) < 13) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8071:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8084:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (buffer, "%d %" PRIuS, &layer[k].id, &layer[k].size);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9096:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
k = 1 + access (GMT->current.ps.filename, W_OK); /* 1 = File exists (must append) or 0 (must create) */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:171:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (del_cmd, t);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:174:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (del_cmd, "rm -rf %s", path);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:176:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (del_cmd))) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:238:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((nr = sscanf (line, "%s %s %s %c %lg %lg %s %lg %s %s %s %s %[^\n]", I[k].dir, I[k].file, I[k].inc, &I[k].reg, &I[k].scale, &I[k].offset, I[k].size, &I[k].tile_size, I[k].date, I[k].coverage, I[k].filler, I[k].CPT, I[k].remark)) != 13) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:249:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (I[k].ext, c);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:276:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (GMT->session.USERDIR, R_OK)) goto out_of_here; /* Set, but have not made a user directory yet, so cannot have any remote data yet either */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:282:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (file, R_OK)) continue; /* No such file or directory yet */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:388:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (newfile, "%s_%c", infile, reg[k]);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:396:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (newfile, c);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:420:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, ++c);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:422:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, API->GMT->session.DATASERVER);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:478:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Lfile, "%s/%s.download", GMT->parent->tmp_dir, c);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:637:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (orig && !access (orig, F_OK)) { /* Refresh modification time of original hash file */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:684:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (line, "%s %s %" PRIuS, L[k].name, L[k].hash, &L[k].size);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:723:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (indexpath, R_OK)) { /* Not found locally so need to download the first time */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:726:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (serverdir, R_OK) && gmt_mkdir (serverdir)) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:734:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (indexpath, F_OK)) gmt_remove_file (GMT, indexpath); /* Remove index file just in case it got corrupted or zero size */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:762:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (new_indexpath, indexpath); /* Duplicate path name */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:764:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (old_indexpath, indexpath); /* Duplicate path name */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:769:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (new_indexpath, F_OK)) gmt_remove_file (GMT, new_indexpath); /* Remove index file just in case it got corrupted or zero size */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:772:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (old_indexpath, F_OK))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:830:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (old_indexpath, F_OK))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:876:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (remote_name, "%s.SRTMGL%c.%s", &file[1], res, GMT_TILE_EXTENSION_REMOTE);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:895:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s=ns", localfile, ncfile); /* We know we are writing a netCDF short int grid */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:902:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, extra); /* This will embed the scale and offset in the netCDF file so we can use the full range */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:904:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, extra); /* This converts the integers we got back to Myr before we let netCDF do the offset/scaling above */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:906:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, args); /* Append the common arguments */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:961:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (clean_file, F_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:966:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (clean_file, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:983:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK)) goto not_local; /* Have not made a user directory yet, so cannot have the file yet either */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:984:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, GMT->parent->remote_info[k_data].dir); /* Append the subdir (/ or /server/earth/earth_relief/, etc) */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:985:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, GMT->parent->remote_info[k_data].file); /* Append filename */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:986:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK)) goto not_local; /* No such file yet */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:992:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK)) goto not_local; /* Have not made a user directory yet, so cannot have the file yet either */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:993:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, GMT->parent->remote_info[t_data].dir); /* Append the subdir (/ or /server/earth/earth_relief/, etc) */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:994:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, GMT->parent->remote_info[t_data].file); /* Append the tiledir to get full path to dir for this type of tiles */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:995:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, &file[1]); /* Append filename */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:997:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK)) { /* A local tile in netCDF format was not found. See if it exists as compressed JP2000 */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:999:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_jp2, R_OK))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1015:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1045:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (access (GMT->session.CACHEDIR, R_OK) && gmt_mkdir (GMT->session.CACHEDIR))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1051:41: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (GMT->session.USERDIR == NULL || access (GMT->session.USERDIR, R_OK))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1060:41: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (GMT->session.USERDIR == NULL || access (GMT->session.USERDIR, R_OK))
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1064:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK) && gmt_mkdir (local_path)) /* Have or just made a server subdirectory */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1070:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK) && gmt_mkdir (local_path)) /* Have or just made a server/tile subdirectory */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1072:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, jp2_file);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1078:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (local_path, R_OK) && gmt_mkdir (local_path)) /* Have or just made a subdirectory under server */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1080:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (local_path, API->remote_info[k_data].file);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1132:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (local_path, file);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1151:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "@%s", file); /* Now should have something like @N22W160.earth_relief_01m_p.jp2 */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1153:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "@%s", &c[1]); /* Now should have something like @N22W160.earth_relief_01m_p.jp2 */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1204:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (localfile, F_OK) && gmt_remove_file (GMT, localfile)) /* Failed to clean up as well */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1346:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (file, "%*[^.].%[^.].%s", tag, ext)) != 2) return GMT_NOTSET; /* Could not extract tag and extension */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1377:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (coverage_file, "@%s", I->coverage); /* Prepend the remote flag since we may need to download the file */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1428:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "@%c%2.2d%c%3.3d.%s.%s", YS, abs(lat), XS, abs(lon), I->tag, GMT_TILE_EXTENSION_LOCAL);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1488:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tile_list, name);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1490:15: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
if ((file = mktemp (tile_list)) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_shore.c:263:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", GMT->session.GSHHGDIR, stem, ".nc");
data/gmt-6.1.1+dfsg/src/gmt_shore.c:265:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, F_OK) == 0) { /* File exists here */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:266:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK) == 0 && gshhg_require_min_version (path, version) ) {
data/gmt-6.1.1+dfsg/src/gmt_shore.c:289:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK) == 0) { /* coastline.conf can be read */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:297:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", dir, stem, ".nc");
data/gmt-6.1.1+dfsg/src/gmt_shore.c:299:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
found = (access (path, F_OK) == 0); /* File was found */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:300:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK) == 0) { /* File can be read */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:317:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/%s%s", dir, stem, ".cdf");
data/gmt-6.1.1+dfsg/src/gmt_shore.c:318:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, R_OK) == 0) /* Yes, old .cdf version found */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:335:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (path, R_OK) == 0) { /* File can be read */
data/gmt-6.1.1+dfsg/src/gmt_support.c:298:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&line[1], "%d/%s", &fill->dpi, fill->pattern);
data/gmt-6.1.1+dfsg/src/gmt_support.c:398:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", cpt_path, fill.pattern);
data/gmt-6.1.1+dfsg/src/gmt_support.c:400:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:1051:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s", P->style);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1055:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %lf", P->style, &P->offset);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1065:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, tmp);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1082:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (P->style, tmp);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1087:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (P->style, tmp);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2046:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L->name, label);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2068:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L->L[i].label, G->L[i]->label);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2617:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (this_label, label);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2625:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (this_label, G->label);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2646:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (this_label, G->f_label[fj]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2653:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (this_label, G->X->table[0]->segment[xl]->label);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2659:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (this_label, "%" PRIu64, (GMT->current.io.status & GMT_IO_SEGMENT_HEADER) ? GMT->current.io.seg_no - 1 : GMT->current.io.seg_no);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2663:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (this_label, "%d/%" PRIu64, GMT->current.io.tbl_no, (GMT->current.io.status & GMT_IO_SEGMENT_HEADER) ? GMT->current.io.seg_no - 1 : GMT->current.io.seg_no);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2687:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (L->label, "%s%s", G->prefix, txt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2691:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L->label, txt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2694:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (L->label, G->unit);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2870:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (new_label->label, G->crossect_tag[i]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2872:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (new_label->label, G->crossect_tag[i]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4193:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b)) != 2) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:4201:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (panel_txt, &p[1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4206:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (panel_txt, &p[1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4215:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "g%s/%s/", txt_a, txt_b); /* -Dg<lon>/<lat> is the new reference point */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4216:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (in_text, "%[^/]/%s", txt_a, txt_b); /* Read dimensions */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4220:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, &txt_a[1]); /* Append width to new option */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4221:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, unit); /* Append unit to new option */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4224:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, txt_b); /* Append height or duplicate */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4225:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, unit); /* Append unit */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4229:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, in_text); /* Append h/w as is */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4233:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, in_text);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4238:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, in_text);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4286:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&text[j], "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_sx, txt_sy, txt_len);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4289:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&text[j], "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_sy, txt_len);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4434:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[0], GMT->current.language.cardinal_name[2][2]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4435:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[1], GMT->current.language.cardinal_name[2][1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4436:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[2], GMT->current.language.cardinal_name[2][3]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4437:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[3], GMT->current.language.cardinal_name[2][0]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4805:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, in_name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4818:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, in_name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4881:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&buffer[strlen(BB_string[bb])], "%s %s %s %s", c1, c2, c3, c4);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4891:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (head->PS_macro, buffer);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4898:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (&buffer[2], "%d %s", &head->n_required, flags);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4933:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (buffer, "%*s %*s %s %s %s %*s %s %s %s %s %s %s %s %s", arg[0], OP, right, col[0], col[1], col[2], col[3], col[4], col[5], col[6], col[7]) - 3;
data/gmt-6.1.1+dfsg/src/gmt_support.c:4937:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (buffer, "%*s %s %s %s %*s %s %s %s %s %s %s %s %s", arg[0], OP, right, col[0], col[1], col[2], col[3], col[4], col[5], col[6], col[7]) - 3;
data/gmt-6.1.1+dfsg/src/gmt_support.c:4941:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nv = sscanf (right, "%s %s", arg[1], arg[2]); /* Get one [or two] constants or variables on right hand side */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4967:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->string, arg[k]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5007:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (buffer, "%s %s %s %s %s %s %s %s", col[0], col[1], col[2], col[3], col[4], col[5], col[6], col[7]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5099:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->string, col[3]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5398:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (!ID[0]) snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64, ndig, ndig, seg_no); /* Must assign a label from running numbers */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5456:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (!ID[0]) snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64, ndig, ndig, seg_no); /* Must assign a label from running numbers */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5584:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%s-%*.*" PRIu64, Tin->segment[seg]->label, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5588:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (seg_name[0]) snprintf (ID, GMT_BUFSIZ, "%s-%*.*" PRIu64, seg_name, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5592:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5594:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64 "-%*.*" PRIu64, sdig, sdig, seg_no, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5600:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ID, tmp);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5708:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%s-%*.*" PRIu64, Tin->segment[seg]->label, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5712:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (seg_name[0]) snprintf (ID, GMT_BUFSIZ, "%s-%*.*" PRIu64, seg_name, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5716:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5718:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (ID, GMT_BUFSIZ, "%*.*" PRIu64 "%*.*" PRIu64, sdig, sdig, seg_no, ndig, ndig, row);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6548:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (line, "%s %s %s", size, name, fill);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6724:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&p[1], "%[^/]/%s", T[BEG], T[END]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6725:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (n == 1) strcpy (T[END], T[BEG]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6748:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (v_args[n], "%[^+]%s", T[BEG], T[END]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6794:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (line, "%s %s %s", width, color, style);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7553:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&h[k], "%[^/]/%s", T1, T2) != 2) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:7607:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((nread = sscanf (&line[2], "%s %s %s %s", T1, T2, T3, T4)) < 1) error = true;
data/gmt-6.1.1+dfsg/src/gmt_support.c:7671:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, &line[k+1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7690:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nread = sscanf (line, "%s %s %s %s %s %s %s %s %s %s", T0, T1, T2, T3, T4, T5, T6, T7, T8, T9); /* Hope to read 4, 8, or 10 fields */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8014:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8025:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8031:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8036:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8042:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8047:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) file = strdup (path); /* Yes, found it */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8697:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%s\t%%s%%c");
data/gmt-6.1.1+dfsg/src/gmt_support.c:8710:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmtlib_puthsv (GMT, P->data[i].hsv_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8713:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmtlib_putcmyk (GMT, cmyk), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8716:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmt_putrgb (GMT, P->data[i].rgb_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8718:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmt_putcolor (GMT, P->data[i].rgb_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8721:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmtlib_puthsv (GMT, P->data[i].hsv_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8722:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, hi, gmtlib_puthsv (GMT, P->data[i].hsv_high), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8726:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmtlib_putcmyk (GMT, cmyk), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8728:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, hi, gmtlib_putcmyk (GMT, cmyk), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8731:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmt_putrgb (GMT, P->data[i].rgb_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8732:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, hi, gmt_putrgb (GMT, P->data[i].rgb_high), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8735:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, lo, gmt_putcolor (GMT, P->data[i].rgb_low), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8736:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, format, hi, gmt_putcolor (GMT, P->data[i].rgb_high), '\t');
data/gmt-6.1.1+dfsg/src/gmt_support.c:8963:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s", gmt_putcolor (GMT, rgb));
data/gmt-6.1.1+dfsg/src/gmt_support.c:9474:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&(arg[j]), "%[^,],%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9522:43: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (strchr (string, ',') && (n = sscanf (string, "%[^,],%s", txt_a, txt_b)) == 2) { /* Found :<labellow>,<labelhigh> */
data/gmt-6.1.1+dfsg/src/gmt_support.c:9593:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9692:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9745:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&p[1], "%[^,],%s", G->crossect_tag[0], G->crossect_tag[1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9805:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&txt[1+j], "%d/%s", &L->n_cont, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9941:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9998:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (G->pen, "%s", gmt_putpen (GMT, &GMT->current.setting.map_default_pen));
data/gmt-6.1.1+dfsg/src/gmt_support.c:10034:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (&txt[1+j], "%d/%s", &L->n_cont, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10118:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modifiers, &p[s]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10288:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (p, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10898:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, kind[closed]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10900:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, count[0]++);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10902:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, z);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10907:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, count[closed]++, kind[closed]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10909:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, kind[closed], count[closed]++);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10912:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, count[0]++, z);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10914:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, z, count[0]++);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10918:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, kind[closed], count[closed]++, z);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10920:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, kind[closed], z, count[closed]++);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10922:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, count[closed]++, z, kind[closed]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10924:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, count[closed]++, kind[closed], z);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10926:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, z, kind[closed], count[closed]++);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10928:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (file, PATH_MAX, template, z, count[closed]++, kind[closed]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10984:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, fmt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10991:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, fmt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10999:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, format, x);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11004:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, new_format, x);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11007:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, format, x);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11111:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (text, GMT_BUFSIZ, GMT->current.setting.format_float_map, interval);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, GMT->current.setting.format_float_map);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11137:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%.%df%s", ndec, text);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11139:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s%s", GMT->current.setting.format_float_map, text);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11149:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, GMT->current.setting.format_float_map);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11153:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, text);
data/gmt-6.1.1+dfsg/src/gmt_support.c:12701:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (string, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:12781:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&text[k], "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d)) != 4) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:13059:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (string, "%[^/]/%s", txt_a, ms->dlabel);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13061:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt_a, string);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13097:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[0], GMT->current.language.cardinal_name[2][2]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13098:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[1], GMT->current.language.cardinal_name[2][1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13099:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[2], GMT->current.language.cardinal_name[2][3]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13100:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ms->label[3], GMT->current.language.cardinal_name[2][0]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13229:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13248:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&p[1], "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14421:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (S->text[row], "%s %[^\n]", type, txt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14543:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, format, coord);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14671:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (hemi, GMT->current.language.cardinal_name[1][1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14675:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (hemi, GMT->current.language.cardinal_name[2][1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14678:80: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!(doubleAlmostEqual (val, 180.0) || doubleAlmostEqual (val, -180.0))) strcat (hemi, (val < 0.0) ? GMT->current.language.cardinal_name[1][0] : GMT->current.language.cardinal_name[1][1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14683:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (hemi, (val < 0.0) ? GMT->current.language.cardinal_name[2][2] : GMT->current.language.cardinal_name[2][3]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14697:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.calclock.geo.x_format, val, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14706:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14709:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14712:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, m, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14715:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, m, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14718:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, m, s, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14721:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, GMT->current.plot.format[level][type], d, m, s, m_sec, hemi);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14895:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s = %[^\n]", name, args); /* Get name and everything else */
data/gmt-6.1.1+dfsg/src/gmt_support.c:15389:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (label, "%s part %" PRIu64, txt, seg);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15884:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&arg[k], "%[^/]/%s", txt_x, the_rest)) < 1) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:15906:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if ((n2 = sscanf (&arg[k], "%[^/]/%s", txt_x, txt_y)) < 2) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:15913:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&arg[k], "%[^/]/%[^/]/%s", txt_x, txt_y, the_rest)) < 2) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:16307:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, argv[0]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16310:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, argv[k]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16582:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((ns = sscanf (argument, "%[^/]/%[^/]/%s", txt[GMT_X], txt[GMT_Y], txt[GMT_Z])) < 1) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:16925:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, arg);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16935:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen (cmd, "r"))) /* There was such a command */
data/gmt-6.1.1+dfsg/src/gmt_support.c:16941:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (text) strcpy (text, line); /* Want to return the first line */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17001:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nc = sscanf (S->text[row], "%c %s %s", &cont[c].type, txt, pen);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17008:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (nc == 2) strcpy (pen, txt); /* Since trailing text here was <type> <pen> */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17016:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pen, txt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17056:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'a': strcat (opts, GMT->common.a.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17057:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'b': strcat (opts, GMT->common.b.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17058:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'd': strcat (opts, GMT->common.d.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17059:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'f': strcat (opts, GMT->common.f.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17060:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'g': strcat (opts, GMT->common.g.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17061:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'h': strcat (opts, GMT->common.h.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17062:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'i': strcat (opts, GMT->common.i.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17063:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'n': strcat (opts, GMT->common.n.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17064:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 's': strcat (opts, GMT->common.s.string); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17157:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "GMT %s: The third-party supplements to the Generic Mapping Tools", library);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17232:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (new_arg, file); /* Everything up to start of +i */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17234:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (*c) strcat (new_arg, c); /* Append other modifiers given after +i */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17338:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dummy, gmt_strrep (txt, "\\t", new));
data/gmt-6.1.1+dfsg/src/gmt_support.c:17341:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dummy, txt);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17350:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%%%s%%", name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17352:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "${%s}", name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17448:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (record, start);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:209:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%s", A, B);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:343:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, Ctrl->Q.file, status[k]); /* Create the file name */
data/gmt-6.1.1+dfsg/src/gmtconnect.c:439:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(separate_open_and_closed) ? sprintf (buffer, Ctrl->D.format, 'C', out_seg) : sprintf (buffer, Ctrl->D.format, out_seg);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:439:84: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(separate_open_and_closed) ? sprintf (buffer, Ctrl->D.format, 'C', out_seg) : sprintf (buffer, Ctrl->D.format, out_seg);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:648:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%" PRIu64 "%s%%s%s%%s%s%%c%s%s%s%s%s%%s%s%%c%s%s%s%s", s, s, s, s, GMT->current.setting.format_float_out, s, GMT->current.setting.format_float_out, \
data/gmt-6.1.1+dfsg/src/gmtconnect.c:653:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#id%ssegid%s@begin%sb_pt%sb_dist%sb_next%s@end%se_pt%se_dist%se_next", s, s, s, s, s, s, s, s, s);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:661:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
} else sprintf (name, "%" PRIu64, segment[iseg].orig_id);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:667:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
} else sprintf (name0, "%" PRIu64, segment[iseg].nearest[0].orig_id);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:673:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
} else sprintf (name1, "%" PRIu64, segment[iseg].nearest[1].orig_id);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:675:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, fmt, segment[iseg].orig_id, name, name0, BE[segment[iseg].nearest[0].end_order], segment[iseg].nearest[0].dist, segment[iseg].nearest[0].next_dist, name1, \
data/gmt-6.1.1+dfsg/src/gmtconnect.c:704:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, "%" PRIu64, segment[id].orig_id);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:714:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (text, GMT_LEN64, " -> %" PRIu64, segment[id2].orig_id);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:720:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, text); /* Append this connection */
data/gmt-6.1.1+dfsg/src/gmtconnect.c:795:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(separate_open_and_closed) ? sprintf (buffer, Ctrl->D.format, 'O', out_seg) : sprintf (buffer, Ctrl->D.format, out_seg);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:795:82: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(separate_open_and_closed) ? sprintf (buffer, Ctrl->D.format, 'O', out_seg) : sprintf (buffer, Ctrl->D.format, out_seg);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:867:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, Ctrl->D.format, 'C', out_seg);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:607:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Ctrl->S.select->pattern[0], p); /* Move the value over to the start */
data/gmt-6.1.1+dfsg/src/gmtconvert.c:675:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (use_tbl) strcat (D[GMT_OUT]->table[tbl_ver]->segment[seg]->text[n_rows], GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:676:63: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (D[GMT_IN]->table[use_tbl]->segment[seg]->text[row]) strcat (D[GMT_OUT]->table[tbl_ver]->segment[seg]->text[n_rows], D[GMT_IN]->table[use_tbl]->segment[seg]->text[row]);
data/gmt-6.1.1+dfsg/src/gmtget.c:249:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (message, API->remote_info[k].dir);
data/gmt-6.1.1+dfsg/src/gmtget.c:251:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (message, "%*s %s %s", planet, group);
data/gmt-6.1.1+dfsg/src/gmtget.c:252:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dataset, API->remote_info[k].file);
data/gmt-6.1.1+dfsg/src/gmtget.c:260:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (size, API->remote_info[k].size);
data/gmt-6.1.1+dfsg/src/gmtget.c:264:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (message, "%s\t%s\t%s\t%s\t%u\t%s", planet, group, dataset, size, n, API->remote_info[k].remark);
data/gmt-6.1.1+dfsg/src/gmtget.c:275:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "@%s", API->remote_info[k].file);
data/gmt-6.1.1+dfsg/src/gmtget.c:291:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (GMT->session.CACHEDIR, R_OK) && gmt_mkdir (GMT->session.CACHEDIR)) { /* Have or just made a server subdirectory */
data/gmt-6.1.1+dfsg/src/gmtget.c:302:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (fp, "%s %*s %*s", line) == 1) {
data/gmt-6.1.1+dfsg/src/gmtget.c:303:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "@%s", line);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:683:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XLO], GMT_X); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:684:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XHI], GMT_X); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:686:74: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[YLO], GMT_Y); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:687:74: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[YHI], GMT_Y); strcat (record, &buffer[i]);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:693:81: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XLO], Ctrl->T.col); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:694:81: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XHI], Ctrl->T.col); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:695:82: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
i = gmtinfo_strip_blanks_and_output (GMT, buffer, Ctrl->T.inc, Ctrl->T.col); strcat (record, &buffer[i]);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:711:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, "%s-%" PRIu64, file, GMT->current.io.seg_no);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:713:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s", file);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:715:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, buffer);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:755:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, buffer);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:756:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, delimiter);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:758:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, buffer);
data/gmt-6.1.1+dfsg/src/gmtlogo.c:393:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%g,AvantGarde-Demi,%s", scale * 9.5, c_font); /* Create required font */
data/gmt-6.1.1+dfsg/src/gmtlogo.c:409:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-T -Rd -JI0/%gi -N -O -K -X%gi -Y%gi %s", scale * 1.55, scale * 0.225, y, pars);
data/gmt-6.1.1+dfsg/src/gmtlogo.c:412:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-Rd -JI0/%gi -S%s -G%s -A35000+l -Dc -O -K %s --GMT_HISTORY=false", scale * 1.55, c_water, c_land, pars);
data/gmt-6.1.1+dfsg/src/gmtlogo.c:415:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-Rd -JI0/%gi -C -O -K -Bxg45 -Byg30 %s --MAP_POLAR_CAP=none --GMT_HISTORY=false", scale * 1.55, pars);
data/gmt-6.1.1+dfsg/src/gmtlogo.c:427:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-<%s -R167/527/-90/90 -JI-13/%gi -O -K -G%s@40 --GMT_HISTORY=false",
data/gmt-6.1.1+dfsg/src/gmtlogo.c:432:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-<%s -R167/527/-90/90 -JI-13/%gi -O -K -G%s -W%gp,%s -X-%gi -Y-%gi --GMT_HISTORY=false",
data/gmt-6.1.1+dfsg/src/gmtmath.c:198:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (p, "%" PRIu64 "-%" PRIu64, &start, &stop);
data/gmt-6.1.1+dfsg/src/gmtmath.c:204:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (p, "%" PRIu64, &start);
data/gmt-6.1.1+dfsg/src/gmtmath.c:823:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf (opt->arg, "%" PRIu64 "/%" PRIu64, &Ctrl->N.ncol, &Ctrl->N.tcol) == 1) Ctrl->N.tcol = 0;
data/gmt-6.1.1+dfsg/src/gmtmath.c:5964:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (target, "RCL%s", opt2->arg);
data/gmt-6.1.1+dfsg/src/gmtselect.c:466:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (opt->arg, "%[^/]/%s", za, zb);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:945:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1009:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&p[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1280:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s[0]\t%s[1]\tz[2]\tweight[3]\tNN_dist[4]\tID[5]\tNN_ID[6]", name[k][GMT_X], name[k][GMT_Y]);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1598:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%s%s%s%s%s%s%s%s%%s%s%%s\n", GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out, \
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1695:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, "%s-%" PRIu64 "%s%s-%" PRIu64, TH1->file[GMT_IN], seg1, GMT->current.setting.io_col_separator, TH2->file[GMT_IN], seg2);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1697:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s%s%s", TH1->file[GMT_IN], GMT->current.setting.io_col_separator, TH2->file[GMT_IN]);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1797:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%c : Input %%s %%s is an %%s duplicate of a %%s %%s in %%s, with d = %s c = %%.6g s = %%.4g",
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1825:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "N : Input %s %s not present in %s", feature[poly_D], src, from);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1840:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "| : Input %s %s was separated at the Dateline from %s %s in %s", feature[poly_D], src, feature[poly_S2], dup, from);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1842:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, format, verdict[abs(I->mode)], feature[poly_D], src, kind[I->mode+4], feature[poly_S2],
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1972:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s from table %" PRIu64 " segment %" PRIu64 " is inside polygon # %d", kind[Ctrl->N.all], tbl, seg, ID);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1987:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, txt);
data/gmt-6.1.1+dfsg/src/gmtvector.c:232:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmtvector.c:258:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&opt->arg[1], "%lg/%s", &Ctrl->T.par[0], txt_a)) != 2) {
data/gmt-6.1.1+dfsg/src/gmtvector.c:311:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s%s", dir, &file[k][1]);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:157:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fail = access (path, R_OK);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:160:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, jp2_file);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:161:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fail = access (path, R_OK);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:169:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Out->text, path);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:176:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Out->text, path);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:256:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s%s", opt->arg, API->remote_info[k_data].ext); /* Append the implicit extension for remote grids */
data/gmt-6.1.1+dfsg/src/gmtwhich.c:258:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, opt->arg);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:268:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, cwd);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:273:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, Yes);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:284:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, No);
data/gmt-6.1.1+dfsg/src/grd2cpt.c:270:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/grd2cpt.c:621:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Mean and S.D. of data are %s %s\n",
data/gmt-6.1.1+dfsg/src/grd2cpt.c:701:51: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (gmt_M_is_verbose (GMT, GMT_MSG_INFORMATION)) sprintf (format, "z = %s and CDF(z) = %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grd2kml.c:355:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s/%s/L%2.2d", url, prefix, level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:361:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s/%s/%2.2d/", url, prefix, level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:443:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filt_report, " [Resampled with -I%s]", s_int);
data/gmt-6.1.1+dfsg/src/grd2kml.c:444:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -I%s -rp -G%s", DataGrid, s_int, Zgrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:458:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filt_report, " [%s filtered with -F%c%s -I%s]", kind[k], filter, fwidth, s_int);
data/gmt-6.1.1+dfsg/src/grd2kml.c:459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -D0 -F%c%s -I%s -rp -G%s", DataGrid, filter, fwidth, s_int, Zgrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/grd2kml_pixeldata_tmp_%6.6d.grd", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:544:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -T -G%s", Ctrl->In.file, file); /* Toggle registration */
data/gmt-6.1.1+dfsg/src/grd2kml.c:570:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/grd2kml_intensity_tmp_%6.6d.grd", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:574:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -A%s -N%s --GMT_HISTORY=false", Ctrl->In.file, Ctrl->I.file, Ctrl->I.azimuth, Ctrl->I.method);
data/gmt-6.1.1+dfsg/src/grd2kml.c:584:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/grd2kml_pixelintens_tmp_%6.6d.grd", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:585:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -T -G%s", Ctrl->I.file, file);
data/gmt-6.1.1+dfsg/src/grd2kml.c:642:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (DataGrid, "%s/grd2kml_extended_data_%6.6d.grd", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:643:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -R%.16g/%.16g/%.16g/%.16g -N -G%s", Ctrl->In.file, ext_wesn[XLO], ext_wesn[XHI], ext_wesn[YLO], ext_wesn[YHI], DataGrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:651:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (IntensGrid, "%s/grd2kml_extended_intens_%6.6d.grd", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:652:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -R%.16g/%.16g/%.16g/%.16g -N -G%s", Ctrl->I.file, ext_wesn[XLO], ext_wesn[XHI], ext_wesn[YLO], ext_wesn[YHI], IntensGrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:663:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (DataGrid, Ctrl->In.file);
data/gmt-6.1.1+dfsg/src/grd2kml.c:665:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (IntensGrid, Ctrl->I.file);
data/gmt-6.1.1+dfsg/src/grd2kml.c:677:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cptfile, "%s/grd2kml_%d.cpt", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:714:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "C %s", S->text[c]); /* Build the required record format for grdcontour */
data/gmt-6.1.1+dfsg/src/grd2kml.c:732:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "C %s", Ctrl->W.file); /* Build the required record format for grdcontour */
data/gmt-6.1.1+dfsg/src/grd2kml.c:752:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (grdimage, "-JX%3.2lfi -X0 -Y0%s -W -Ve --PS_MEDIA=%3.2lfix%3.2lfi", dim, K, dim, dim);
data/gmt-6.1.1+dfsg/src/grd2kml.c:753:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->C.active) { strcat (grdimage, " -C"); strcat (grdimage, Ctrl->C.file); }
data/gmt-6.1.1+dfsg/src/grd2kml.c:756:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (grdcontour, "-JX%3.2lfi -O -C%s -Ve", dim, contour_file);
data/gmt-6.1.1+dfsg/src/grd2kml.c:772:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (level_dir, "%s/%2.2d", Ctrl->N.prefix, level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:777:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Zgrid, "%s/grd2kml_Z_L%d_tmp_%6.6d.grd", API->tmp_dir, level, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:784:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Igrid, "%s/grd2kml_I_L%d_tmp_%6.6d.grd", API->tmp_dir, level, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:794:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Zgrid, DataGrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:796:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (Ctrl->I.active) strcpy (Igrid, IntensGrid);
data/gmt-6.1.1+dfsg/src/grd2kml.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (S, N);
data/gmt-6.1.1+dfsg/src/grd2kml.c:828:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (W, E);
data/gmt-6.1.1+dfsg/src/grd2kml.c:862:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (imagefile, "%s/L%2.2dR%3.3dC%3.3d.%s", Ctrl->N.prefix, level, row, col, ext[im_type]);
data/gmt-6.1.1+dfsg/src/grd2kml.c:864:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (imagefile, "%s/R%3.3dC%3.3d.%s", level_dir, row, col, ext[im_type]);
data/gmt-6.1.1+dfsg/src/grd2kml.c:866:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -I%s -R%s/%s/%s/%s -A%s", grdimage, z_data, Igrid, W, E, S, N, imagefile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:868:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -R%s/%s/%s/%s -A%s", grdimage, z_data, W, E, S, N, imagefile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:869:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (im_type) strcat (cmd, transp);
data/gmt-6.1.1+dfsg/src/grd2kml.c:879:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (psfile, "%s/grd2kml_tile_tmp_%6.6d.ps", API->tmp_dir, uniq);
data/gmt-6.1.1+dfsg/src/grd2kml.c:881:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -I%s -R%s/%s/%s/%s ->%s", grdimage, z_data, Igrid, W, E, S, N, psfile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:883:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -R%s/%s/%s/%s ->%s", grdimage, z_data, W, E, S, N, psfile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:884:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (im_type) strcat (cmd, transp);
data/gmt-6.1.1+dfsg/src/grd2kml.c:887:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -R%s/%s/%s/%s %s ->>%s", grdcontour, z_data, W, E, S, N, scalepen_arg, psfile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:911:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (region, "%s/%s/%s/%s", W, E, S, N);
data/gmt-6.1.1+dfsg/src/grd2kml.c:915:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -T%c -D%s -FL%2.2dR%3.3dC%3.3d %s", ps_cmd, img_code[im_type], Ctrl->N.prefix, level, row, col, psfile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:917:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -T%c -D%s -FR%3.3dC%3.3d %s", ps_cmd, img_code[im_type], level_dir, row, col, psfile);
data/gmt-6.1.1+dfsg/src/grd2kml.c:944:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (W, E);
data/gmt-6.1.1+dfsg/src/grd2kml.c:948:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (S, N);
data/gmt-6.1.1+dfsg/src/grd2kml.c:968:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (z_extend && !access (DataGrid, F_OK))
data/gmt-6.1.1+dfsg/src/grd2kml.c:970:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (i_extend && !access (IntensGrid, F_OK))
data/gmt-6.1.1+dfsg/src/grd2kml.c:1015:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s.kml", Ctrl->N.prefix, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/grd2kml.c:1017:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/L%2.2dR%3.3dC%3.3d.kml", Ctrl->N.prefix, Q[k]->level, Q[k]->row, Q[k]->col);
data/gmt-6.1.1+dfsg/src/grd2kml.c:1019:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%2.2d/R%3.3dC%3.3d.kml", Ctrl->N.prefix, Q[k]->level, Q[k]->row, Q[k]->col);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:173:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (arg, "o%s", opt->arg);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:361:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:362:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:365:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:366:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:371:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:372:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:375:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:376:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:380:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->header->inc[GMT_X]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:381:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:391:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (item, GMT->current.setting.format_float_out, G->data[ij]);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:399:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:445:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s%s%s%s%s", G->header->y_units, GMT->current.setting.io_col_separator, G->header->x_units, GMT->current.setting.io_col_separator, G->header->z_units);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:447:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s%s%s%s%s", G->header->x_units, GMT->current.setting.io_col_separator, G->header->y_units, GMT->current.setting.io_col_separator, G->header->z_units);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:449:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/grdblend.c:245:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nr = sscanf (In->text, "%s %s %lf", file, r_in, &weight);
data/gmt-6.1.1+dfsg/src/grdblend.c:442:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s/grdblend_resampled_%d_%d.nc", GMT->parent->tmp_dir, (int)getpid(), n);
data/gmt-6.1.1+dfsg/src/grdblend.c:461:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s/grdblend_reformatted_%d_%d.nc", GMT->parent->tmp_dir, (int)getpid(), n);
data/gmt-6.1.1+dfsg/src/grdblend.c:920:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (outtemp, "%s/grdblend_temp_%d.nc", API->tmp_dir, (int)getpid()); /* Get temporary file name */
data/gmt-6.1.1+dfsg/src/grdblend.c:1094:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s -V%c --GMT_HISTORY=false", outfile, Ctrl->G.file, V_level[GMT->current.setting.verbose]);
data/gmt-6.1.1+dfsg/src/grdclip.c:164:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%lf/%s", &Ctrl->S.high, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:166:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%f/%s", &Ctrl->S.high, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:183:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%lf/%s", &Ctrl->S.low, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:185:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%f/%s", &Ctrl->S.low, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:210:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%lf/%lf/%s", &Ctrl->S.class[n_class].low, &Ctrl->S.class[n_class].high, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:212:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%f/%f/%s", &Ctrl->S.class[n_class].low, &Ctrl->S.class[n_class].high, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:230:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%lf/%s", &Ctrl->S.class[n_class].low, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:232:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[1], "%f/%s", &Ctrl->S.class[n_class].low, txt);
data/gmt-6.1.1+dfsg/src/grdclip.c:380:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "< %s set to %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdclip.c:381:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (format, buffer);
data/gmt-6.1.1+dfsg/src/grdclip.c:387:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "between %s and %s set to %s\n", GMT->current.setting.format_float_out,
data/gmt-6.1.1+dfsg/src/grdclip.c:389:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (format, buffer);
data/gmt-6.1.1+dfsg/src/grdclip.c:390:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "equal to %s set to %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdclip.c:391:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (format2, buffer);
data/gmt-6.1.1+dfsg/src/grdclip.c:401:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "> %s set to %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdcontour.c:916:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, " -%c%s", opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:919:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd2, string); break;
data/gmt-6.1.1+dfsg/src/grdcontour.c:924:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, " -%c%s", opt->option, dup_string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:926:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd2, string); break;
data/gmt-6.1.1+dfsg/src/grdcontour.c:929:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:931:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, " -C%s", optN->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:933:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cptfile, opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:941:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cptfile, opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:948:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); break;
data/gmt-6.1.1+dfsg/src/grdcontour.c:950:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); break;
data/gmt-6.1.1+dfsg/src/grdcontour.c:954:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:955:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (opt->arg[0] == 'a') strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:958:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:959:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, " -%c%c%s", opt->option, opt->option, opt->arg); /* Must explicitly append */
data/gmt-6.1.1+dfsg/src/grdcontour.c:960:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:970:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd0, "%s %c%s", opt->next->arg, opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:975:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:977:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:977:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:981:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:981:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, string); strcat (cmd2, string);
data/gmt-6.1.1+dfsg/src/grdcontour.c:1016:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd1, optN->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:1542:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (cont_label, format, cval);
data/gmt-6.1.1+dfsg/src/grdcut.c:169:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&opt->arg[k], "%[^/]/%[^/]/%s", za, zb, zc) == 3) {
data/gmt-6.1.1+dfsg/src/grdcut.c:200:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&opt->arg[k], "%[^/]/%s", za, zb) == 2) {
data/gmt-6.1.1+dfsg/src/grdcut.c:728:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "\t%s\t%s\t%s\t%s\t%s\t%s\t%%d\t%%d\n", GMT->current.setting.format_float_out,
data/gmt-6.1.1+dfsg/src/grdfft.c:452:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s[0]\txpow[1]\tstd_xpow[2]\typow[3]\tstd_ypow[4]\tcpow[5]\tstd_cpow[6]\tnpow[7]\tstd_npow[8]\t" \
data/gmt-6.1.1+dfsg/src/grdfft.c:456:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s[0]\tpow[1]\tstd_pow[2]", name[give_wavelength]);
data/gmt-6.1.1+dfsg/src/grdfft.c:763:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (combined, "%s%s", opt->arg, argument);
data/gmt-6.1.1+dfsg/src/grdfill.c:259:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -G%s -S%s -R%.16g/%.16g/%.16g/%.16g -I%.16g/%.16g -D%d", input, output, method, wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI], G->header->inc[GMT_X], G->header->inc[GMT_Y], mode);
data/gmt-6.1.1+dfsg/src/grdfilter.c:728:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[1], "%[^/]/%s", a, b);
data/gmt-6.1.1+dfsg/src/grdfilter.c:775:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (&txt[1], "%[^/]/%s", a, b) != 2) { /* Get filter width and bin width */
data/gmt-6.1.1+dfsg/src/grdfilter.c:802:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&txt[1], "%[^/]/%s", a, b);
data/gmt-6.1.1+dfsg/src/grdfilter.c:1349:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -R%s -V%c", in_string, out_string, Ctrl->In.file, V_level[GMT->current.setting.verbose]);
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:479:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[1], "%[^/]/%s", a, b);
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:518:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&txt[1], "%[^/]/%s", a, b);
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:1020:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -R%s -V%d", in_string, out_string, Ctrl->In.file, GMT->current.setting.verbose);
data/gmt-6.1.1+dfsg/src/grdgradient.c:447:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sfile, "%s/grdgradient.stat", GMT->session.TMPDIR);
data/gmt-6.1.1+dfsg/src/grdgradient.c:449:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sfile, "%s/grdgradient.stat", API->tmp_dir);
data/gmt-6.1.1+dfsg/src/grdgradient.c:452:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (sfile, F_OK)) {
data/gmt-6.1.1+dfsg/src/grdgradient.c:805:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "\t%s\t%s\t%s\t%s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdgradient.c:838:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sfile, "%s/grdgradient.stat", GMT->session.TMPDIR);
data/gmt-6.1.1+dfsg/src/grdgradient.c:840:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sfile, "%s/grdgradient.stat", API->tmp_dir);
data/gmt-6.1.1+dfsg/src/grdimage.c:880:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-G%s -A%s -N%s+a%s -R%.16g/%.16g/%.16g/%.16g --GMT_HISTORY=false ",
data/gmt-6.1.1+dfsg/src/grdimage.c:883:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, data_grd);
data/gmt-6.1.1+dfsg/src/grdimage.c:885:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, int4_grd);
data/gmt-6.1.1+dfsg/src/grdimage.c:887:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, Ctrl->I.file);
data/gmt-6.1.1+dfsg/src/grdimage.c:889:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, Ctrl->In.file[0]);
data/gmt-6.1.1+dfsg/src/grdimage.c:959:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -I%d+/%d+ --GMT_HISTORY=false", in_string, out_string, n_columns, n_rows);
data/gmt-6.1.1+dfsg/src/grdimage.c:1140:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mem_layout, GMT->current.gdal_read_in.O.mem_layout); /* Backup current layout */
data/gmt-6.1.1+dfsg/src/grdinfo.c:271:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s+s", &opt->arg[1]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:397:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, out[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:398:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, out[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:399:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, out[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:400:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, out[YHI], GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:433:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s (%d%s)", tmptxt, int_inc[which], unit[kind][use_unit[which]]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:440:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%d%s", int_inc[GMT_X], unit[kind][use_unit[GMT_X]]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:442:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%d%s/%d%s", int_inc[GMT_X], unit[kind][use_unit[GMT_X]], int_inc[GMT_Y], unit[kind][use_unit[GMT_Y]]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:446:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%d%s/%s", int_inc[GMT_X], unit[kind][use_unit[GMT_X]], tmptxt);
data/gmt-6.1.1+dfsg/src/grdinfo.c:450:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s/%d%s", tmptxt, int_inc[GMT_Y], unit[kind][use_unit[GMT_Y]]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:455:24: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, "/"); strcat (text, tmptxt);
data/gmt-6.1.1+dfsg/src/grdinfo.c:465:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, "/"); strcat (text, tmptxt);
data/gmt-6.1.1+dfsg/src/grdinfo.c:744:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:745:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:746:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:747:76: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[YHI], GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:752:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "-%s", c);
data/gmt-6.1.1+dfsg/src/grdinfo.c:757:61: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
grdinfo_smart_increments (GMT, G->header->inc, 2, text); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:761:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "> Bounding box for %s", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:806:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:812:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s%s", HH->name, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:814:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:814:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:816:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:816:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:818:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:818:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:820:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:820:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:822:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:822:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:824:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:824:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:827:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:827:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:830:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:830:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:832:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:832:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:834:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:837:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, x_min, GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:837:85: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, x_min, GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:838:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, y_min, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:838:85: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, y_min, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:839:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, x_max, GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:839:85: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, x_max, GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:840:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, y_max, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:840:85: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, y_max, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:843:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_median, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:843:88: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_median, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:844:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_scale, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:844:88: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_scale, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:847:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_mean, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:847:86: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_mean, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:848:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_stdev, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:848:87: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_stdev, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:849:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_rms, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:849:87: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_rms, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:851:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (Ctrl->M.active) { sprintf (text, "%s%" PRIu64, sep, n_nan); strcat (record, text); }
data/gmt-6.1.1+dfsg/src/grdinfo.c:851:69: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->M.active) { sprintf (text, "%s%" PRIu64, sep, n_nan); strcat (record, text); }
data/gmt-6.1.1+dfsg/src/grdinfo.c:853:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_mode, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:853:88: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_mode, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:854:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_lmsscl, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:854:88: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, z_lmsscl, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:856:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, (double)G->header->registration, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:856:110: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, (double)G->header->registration, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:857:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, (double)gtype, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:857:92: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, sep); gmt_ascii_format_col (GMT, text, (double)gtype, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:858:45: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (Ctrl->C.mode == GRDINFO_TRAILING) { sprintf (text, "%s%s", sep, HH->name); strcat (record, text); }
data/gmt-6.1.1+dfsg/src/grdinfo.c:858:84: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->C.mode == GRDINFO_TRAILING) { sprintf (text, "%s%s", sep, HH->name); strcat (record, text); }
data/gmt-6.1.1+dfsg/src/grdinfo.c:864:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Title: %s", HH->name, G->header->title); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:865:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Command: %s", HH->name, G->header->command); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:866:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Remark: %s", HH->name, G->header->remark); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:868:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: %s node registration used [%s]", HH->name, type[G->header->registration], gtype[gmt_M_is_geographic (GMT, GMT_IN)]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:870:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Unknown registration! Probably not a GMT grid", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:873:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Grid file format: %s", HH->name, GMT->session.grdformat[G->header->type]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:875:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: Unrecognized grid file format! Probably not a GMT grid", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:880:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_min: %.7f", HH->name, G->header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:882:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_max: %.7f", HH->name, G->header->wesn[XHI]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:884:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_inc: %.7f", HH->name, G->header->inc[GMT_X]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:886:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: name: %s", HH->name, G->header->x_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:888:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: n_columns: %d", HH->name, G->header->n_columns);
data/gmt-6.1.1+dfsg/src/grdinfo.c:890:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_min: %.7f", HH->name, G->header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:892:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_max: %.7f", HH->name, G->header->wesn[YHI]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:894:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_inc: %.7f", HH->name, G->header->inc[GMT_Y]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:896:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: name: %s", HH->name, G->header->y_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:898:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: n_rows: %d", HH->name, G->header->n_rows);
data/gmt-6.1.1+dfsg/src/grdinfo.c:902:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_min: %.2f", HH->name, G->header->wesn[XLO]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:904:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_max: %.2f", HH->name, G->header->wesn[XHI]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:906:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_inc: %.2f", HH->name, G->header->inc[GMT_X]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:908:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: name: %s", HH->name, G->header->x_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:910:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: n_columns: %d", HH->name, G->header->n_columns);
data/gmt-6.1.1+dfsg/src/grdinfo.c:912:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_min: %.2f", HH->name, G->header->wesn[YLO]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:914:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_max: %.2f", HH->name, G->header->wesn[YHI]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:916:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_inc: %.2f", HH->name, G->header->inc[GMT_Y]);
data/gmt-6.1.1+dfsg/src/grdinfo.c:918:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: name: %s", HH->name, G->header->y_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:920:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: n_rows: %d", HH->name, G->header->n_rows);
data/gmt-6.1.1+dfsg/src/grdinfo.c:926:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: x_min: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:927:77: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[XLO], GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:929:77: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[XHI], GMT_OUT, GMT_X); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:930:95: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, " x_inc: "); grdinfo_smart_increments (GMT, G->header->inc, GMT_X, text); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:933:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
c[0] = '\0'; strcat (record, G->header->x_units); if (c) c[0] = ' ';
data/gmt-6.1.1+dfsg/src/grdinfo.c:936:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, G->header->x_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:937:61: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sprintf (text, " n_columns: %d", G->header->n_columns); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:939:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: y_min: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:940:77: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[YLO], GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:942:77: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->wesn[YHI], GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:943:95: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, " y_inc: "); grdinfo_smart_increments (GMT, G->header->inc, GMT_Y, text); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:946:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
c[0] = '\0'; strcat (record, G->header->y_units); if (c) c[0] = ' ';
data/gmt-6.1.1+dfsg/src/grdinfo.c:949:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, G->header->y_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:950:55: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sprintf (text, " n_rows: %d", G->header->n_rows); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:957:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: z_min: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:958:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_min, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, " at x = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:959:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, x_min, GMT_OUT, GMT_X); strcat (record, text); strcat (record, " y = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:960:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, y_min, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, " z_max: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:961:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_max, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, " at x = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:962:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, x_max, GMT_OUT, GMT_X); strcat (record, text); strcat (record, " y = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:963:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, y_max, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:967:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: zmin: %g", HH->name, G->header->z_min); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:968:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: zmax: %g", HH->name, G->header->z_max); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:969:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: name: %s", HH->name, G->header->z_units); GMT_Put_Record (API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/grdinfo.c:972:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: z_min: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:973:73: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->z_min, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:975:73: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, G->header->z_max, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:976:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, " name: "); strcat (record, G->header->z_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:981:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s: scale_factor: %s add_offset: %s",
data/gmt-6.1.1+dfsg/src/grdinfo.c:983:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, format, G->header->z_scale_factor, G->header->z_add_offset);
data/gmt-6.1.1+dfsg/src/grdinfo.c:986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s packed z-range: [%s,%s]", record,
data/gmt-6.1.1+dfsg/src/grdinfo.c:988:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, format,
data/gmt-6.1.1+dfsg/src/grdinfo.c:995:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: %" PRIu64 " nodes (%.1f%%) set to NaN", HH->name, n_nan, percent);
data/gmt-6.1.1+dfsg/src/grdinfo.c:999:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: median: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1000:65: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_median, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1002:64: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_scale, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1006:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: mean: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1007:64: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_mean, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1009:64: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_stdev, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1011:64: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_rms, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1015:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: mode: ", HH->name);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1016:65: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_mode, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1018:65: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, z_lmsscl, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1024:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, " chunk_size: %" PRIuS ",%" PRIuS " shuffle: %s deflation_level: %u",
data/gmt-6.1.1+dfsg/src/grdinfo.c:1030:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s: format: %s%s",
data/gmt-6.1.1+dfsg/src/grdinfo.c:1083:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%d%s", n_grds, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1084:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmin, GMT_OUT, GMT_X); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1084:90: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmin, GMT_OUT, GMT_X); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1085:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmax, GMT_OUT, GMT_X); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1085:90: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmax, GMT_OUT, GMT_X); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1086:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymin, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1086:90: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymin, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1087:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymax, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1087:90: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymax, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1088:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_zmin, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1088:90: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_zmin, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, sep);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1089:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_zmax, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1128:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_zmin, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1129:66: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_zmax, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1132:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, Ctrl->T.inc, GMT_OUT, GMT_Z); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1162:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmin, GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1163:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_xmax, GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1164:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymin, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1165:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, global_ymax, GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:213:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Ctrl->F.spline, opt->arg); /* Keep track of what was given since it may need to be passed verbatim to other modules */
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:239:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (opt->arg, F_OK) && strchr (opt->arg, '/')) { /* Got a single point and not a valid path */
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:241:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:362:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cube_layer, &nc_layer[1]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:446:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s", Ctrl->In.file[0]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:448:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s?%s[0]", Ctrl->In.file[0], cube_layer);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:467:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (prof_args, "%s+c", Ctrl->E.lines);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:492:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s %s", Si->text[row], Ctrl->S.header);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:538:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (grid, "%s", Ctrl->In.file[k]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:540:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (grid, "%s?%s[%" PRIu64 "]", Ctrl->In.file[0], cube_layer, k);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:546:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s ->%s", i_file, grid, o_file);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:549:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cmd, GMT->common.R.string);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:572:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "Location %g,%g %s", Si->data[GMT_X][row], Si->data[GMT_Y][row], Si->text[row]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:608:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -F%s -N%d -T%s ->%s", i_file, Ctrl->F.spline, (int)(Out->n_columns - 1), Ctrl->T.string, o_file);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:629:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, seg);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:665:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Grid->header->x_units, unit);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:702:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s", Ctrl->In.file[k]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:704:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s?%s[%" PRIu64 "]", Ctrl->In.file[0], cube_layer, k);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:745:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, Ctrl->T.T.array[k]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:747:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s", Ctrl->G.file);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:339:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:665:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "Derived from the %s resolution shorelines", shore_resolution[base]);
data/gmt-6.1.1+dfsg/src/grdmask.c:341:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdmath.c:6103:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (target, "RCL%s", opt2->arg);
data/gmt-6.1.1+dfsg/src/grdmix.c:520:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, code[band]);
data/gmt-6.1.1+dfsg/src/grdpaste.c:334:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%s\t%s\t%s\t%s\t%s\t%s\t%s\t%%d\t%%d\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdproject.c:410:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "(%s/%s/%s/%s)", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out,
data/gmt-6.1.1+dfsg/src/grdproject.c:503:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "+proj=longlat +ellps=%s +no_defs", gdal_ellipsoid_name);
data/gmt-6.1.1+dfsg/src/grdsample.c:302:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Input grid (%s/%s/%s/%s) n_columns = %%d n_rows = %%d dx = %s dy = %s registration = %%d\n",
data/gmt-6.1.1+dfsg/src/grdtrack.c:265:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (record, "%s", line); /* Since we may have more than one word in the line */
data/gmt-6.1.1+dfsg/src/grdtrack.c:330:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (opt->arg, "%[^/]/%[^/]/%s", ta, tb, tc);
data/gmt-6.1.1+dfsg/src/grdtrack.c:723:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (run_cmd, "# %s %s", GMT->init.module_name, cmd); /* Build command line argument string */
data/gmt-6.1.1+dfsg/src/grdtrend.c:418:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "Coefficient fit to %%s: %s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdtrend.c:632:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "grdtrend: Robust iteration %%d: Old Chi Squared: %s New Chi Squared: %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/grdvector.c:238:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c) != 3) {
data/gmt-6.1.1+dfsg/src/grdvector.c:259:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (opt->arg, "%[^+]%s", txt_a, txt_b); /* txt_a should be symbols size with any +<modifiers> in txt_b */
data/gmt-6.1.1+dfsg/src/grdvector.c:616:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (v_unit, API->GMT->session.unit_name[API->GMT->current.setting.proj_length_unit]);
data/gmt-6.1.1+dfsg/src/grdview.c:519:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (opt->arg, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/grdview.c:603:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (opt->arg, "%lf %s", &Ctrl->N.level, colors);
data/gmt-6.1.1+dfsg/src/grdview.c:910:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (data_file, Ctrl->I.file);
data/gmt-6.1.1+dfsg/src/grdview.c:917:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (data_file, Ctrl->In.file);
data/gmt-6.1.1+dfsg/src/grdview.c:920:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -A%s -N%s+a%s -R%.16g/%.16g/%.16g/%.16g --GMT_HISTORY=false",
data/gmt-6.1.1+dfsg/src/greenspline.c:344:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_items = sscanf (&opt->arg[2], "%[^/]/%s", txt[4], txt[5]);
data/gmt-6.1.1+dfsg/src/greenspline.c:359:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_items = sscanf (&opt->arg[2], "%[^/]/%s", txt[4], txt[5]);
data/gmt-6.1.1+dfsg/src/greenspline.c:384:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_items = sscanf (opt->arg, "%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%s", txt[0], txt[1], txt[2], txt[3], txt[4], txt[5]);
data/gmt-6.1.1+dfsg/src/greenspline.c:449:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[k], "%lf/%s", &Ctrl->C.value, p);
data/gmt-6.1.1+dfsg/src/greenspline.c:2242:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "N: %" PRIu64 " S: %s G: %s", nm, (Ctrl->C.active) ? "SVD" : "G-J", Ctrl->S.arg);
data/gmt-6.1.1+dfsg/src/greenspline.c:2448:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, (int)k+1);
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:274:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "# Data extracted from GSHHG file %s", Ctrl->In.file);
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:345:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%6d%8d%3d%2c %s %s %s %s", h.id, h.n, level, source, west, east, south, north);
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:349:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%6d%8d%2d%2c %.12g %.12g %s %s %s %s %6d %6d", h.id, h.n, level, source, area, f_area, west, east, south, north, h.container, h.ancestor);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:59:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "cannot open file \"%s\" (%d).\n", filename, status);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:67:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "cannot inquire version attribute length from file \"%s\" (%d).\n", filename, status);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:72:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "invalid version attribute length: %" PRIuS "\n", v_len);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:80:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "cannot read version attribute from file \"%s\" (%d).\n", filename, status);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:94:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "cannot parse version string \"%s\" (%d).\n", gshhg_version_string, status);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:117:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "%s\n", filename);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:132:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FAILURE_PREFIX "usage: gshhg_version file [min_required_version]\n");
data/gmt-6.1.1+dfsg/src/gshhg_version.c:153:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "cannot parse version string \"%s\" (%d).\n", argv[2], status);
data/gmt-6.1.1+dfsg/src/gshhg_version.c:157:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "version of %s < min required version %s.\n", argv[1], argv[2]);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:788:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R%g/%g/%g/%g -Jm1i -I %s -G%s --PROJ_ELLIPSOID=Sphere --PROJ_LENGTH_UNIT=inch --GMT_HISTORY=false", west, east, south2, north2, input, output);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:821:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R%g/%g/%g/%g -I%gm %s -G%s -fg --GMT_HISTORY=false", west, east, south, north, Ctrl->I.value, input, Ctrl->G.file);
data/gmt-6.1.1+dfsg/src/inset.c:253:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.inset.%d", API->gwf_dir, fig); /* Inset information file */
data/gmt-6.1.1+dfsg/src/inset.c:255:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
exist = !access (file, F_OK); /* Determine if inset information file exists */
data/gmt-6.1.1+dfsg/src/inset.c:284:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ffile, "%s/gmt.frame", API->gwf_dir);
data/gmt-6.1.1+dfsg/src/inset.c:335:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ffile, "%s/%s.%s", API->gwf_dir, GMT_HISTORY_FILE, tag);
data/gmt-6.1.1+dfsg/src/inset.c:339:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ffile, "%s/%s.%s", API->gwf_dir, GMT_HISTORY_FILE, tag);
data/gmt-6.1.1+dfsg/src/inset.c:347:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ffile, "%s/gmt.frame", API->gwf_dir);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:155:61: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->In.active && access (Ctrl->In.file, R_OK), "Cannot read file %s\n", Ctrl->In.file);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "kml2gmt: KML read from %s", Ctrl->In.file);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:268:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s", &line[start]);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:283:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s", &line[start]);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:293:68: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (name[0]) { strcat (GMT->current.io.segment_header, "-L\""); strcat (GMT->current.io.segment_header, name); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/kml2gmt.c:295:75: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (description[0]) { strcat (GMT->current.io.segment_header, "-D\""); strcat (GMT->current.io.segment_header, description); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/makecpt.c:264:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/makecpt.c:296:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[1], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/mapproject.c:442:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%c%[^/]/%s", &c, txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/mapproject.c:548:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/mapproject.c:632:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[k], "%[^/]/%s", from, to);
data/gmt-6.1.1+dfsg/src/mapproject.c:1045:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s/%s/%s/%s", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out,
data/gmt-6.1.1+dfsg/src/mapproject.c:1082:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, auxlat[Ctrl->N.mode/2]);
data/gmt-6.1.1+dfsg/src/mapproject.c:1087:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, GMT->common.R.wesn[XLO], GMT->common.R.wesn[XHI], GMT->common.R.wesn[YLO], GMT->common.R.wesn[YHI]);
data/gmt-6.1.1+dfsg/src/mapproject.c:1088:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (message, "Transform %s", text);
data/gmt-6.1.1+dfsg/src/mapproject.c:1090:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, xmin, xmax, ymin, ymax);
data/gmt-6.1.1+dfsg/src/mapproject.c:1091:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, text);
data/gmt-6.1.1+dfsg/src/mapproject.c:1093:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (message, unit_name);
data/gmt-6.1.1+dfsg/src/mapproject.c:1512:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Input extreme values: Xmin: %s Xmax: %s Ymin: %s Ymax %s\n",
data/gmt-6.1.1+dfsg/src/mapproject.c:1517:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Output extreme values: Xmin: %s Xmax: %s Ymin: %s Ymax %s\n",
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:126:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (F->MGD77_HOME, this_c);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:130:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (F->MGD77_HOME, "%s/mgd77", GMT->session.SHAREDIR);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:268:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/mgd77_paths.txt", F->MGD77_HOME);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:277:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (F->MGD77_datadir[0], F->MGD77_HOME);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:292:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (F->MGD77_datadir[F->n_MGD77_paths], line);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1210:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((nconv = sscanf (currentField, mgd77defs[i].readMGD77, &value)) != 1) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1492:80: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define place_float(item,fmt) if (!gmt_M_is_dnan(MGD77Record->number[item])) { sprintf (buffer, fmt, MGD77Record->number[item]); strcat (line, buffer); }
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1492:130: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define place_float(item,fmt) if (!gmt_M_is_dnan(MGD77Record->number[item])) { sprintf (buffer, fmt, MGD77Record->number[item]); strcat (line, buffer); }
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1493:78: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define place_int(item,fmt) if (!gmt_M_is_dnan(MGD77Record->number[item])) { sprintf (buffer, fmt, (int)MGD77Record->number[item]); strcat (line, buffer); }
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1493:133: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define place_int(item,fmt) if (!gmt_M_is_dnan(MGD77Record->number[item])) { sprintf (buffer, fmt, (int)MGD77Record->number[item]); strcat (line, buffer); }
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1494:60: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define place_text(item) if (MGD77Record->word[item][0]) { strcat (line, MGD77Record->word[item]); }
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1514:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (!gmt_M_is_dnan (r_time)) { sprintf (buffer, "%.8g", r_time); strcat (line, buffer); } strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1558:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (i == 1) fprintf (F->fp, mgd77defs[24].printMGD77, MGD77Record->word[nwords++]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1559:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else if (i == 24 || i == 25) fprintf (F->fp, mgd77defs[i+1].printMGD77, MGD77Record->word[nwords++]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1562:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (F->fp, mgd77defs[nvalues].printMGD77, lrint (MGD77Record->number[nvalues]*mgd77defs[nvalues].factor));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1762:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Cruise %s (NGDC ID %s)", H->mgd77[use]->Survey_Identifier, F->NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1766:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s [%s] Conversion from MGD77 ASCII to MGD77+ netCDF format", ctime(&now), H->author);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1772:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (H->history, string);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1800:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s_dim", H->info[set].col[id].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2716:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (track, R_OK)) { /* OK, found it */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2718:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, track);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2755:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s.%s", track, MGD77_suffix[fmt]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2761:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (geo_path, R_OK)) { /* OK, found it */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2762:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, geo_path);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2774:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s/%s.%s", F->MGD77_datadir[id], track, MGD77_suffix[fmt]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2776:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s/%s", F->MGD77_datadir[id], track);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2777:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (geo_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2778:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, geo_path);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2825:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (F->path, "%s.%s", leg, MGD77_suffix[F->format]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2934:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (F->fp, MGD77_COL_ORDER);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3142:48: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for (k = 0; k < MGD77_N_STRING_FIELDS; k++) strcpy (tvals[k], MGD77Record.word[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3152:48: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for (k = 0; k < MGD77_N_STRING_FIELDS; k++) strcpy (tvals[k], MGD77Record.word[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3159:48: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for (k = 0; k < MGD77_N_STRING_FIELDS; k++) strcpy (tvals[k], MGD77Record.word[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4306:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L[n++], line);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4336:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L[n++], this_arg);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4353:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "dir /b %s > .tmpdir", F->MGD77_datadir[j]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4355:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system (line)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5734:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %s %[^\n]", cruise, name, arguments);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5741:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (word, "%[^*]*%s", factor, basis);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5865:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %s %[^\n]", cruise, name, arguments);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5881:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (word, "%[^*]*%s", factor, basis);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:348:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Att, "%s_REVISED", name); /* Revised attributes have _REVISED at the end of their names */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:370:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Att, "%s_REVISED", name); /* Revised attributes have _REVISED at the end of their names */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:263:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (a77_file, R_OK)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:267:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (h77_file, R_OK)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:338:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s.%s", M.NGDC_id, MGD77_suffix[Ctrl->T.format]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:343:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, R_OK)) { /* File exists */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:383:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (D->H.author, M.user); /* Pass current user login id as author */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:429:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (value,"%s, 0",value);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:453:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(params,value);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:495:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s %[^\t\n]", name, value);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:511:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, " Cruise: %8s ", M.NGDC_id); fprintf (GMT->session.std[GMT_OUT], "%s", buffer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:548:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (GMT->session.std[GMT_OUT], "%ld%s%" PRIu64, lrint (this_dist), GMT->current.setting.io_col_separator, D->H.n_records);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:552:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (GMT->session.std[GMT_OUT],"%s%" PRIu64, GMT->current.setting.io_col_separator, counter[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:517:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:523:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:529:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:535:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:541:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:547:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, MGD77_AUX);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:729:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fx_setting, F->desired_column[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:878:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/mgd77_corrections.txt", M.MGD77_HOME);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:879:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:970:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fx_setting, M.Constraint[kk].name); /* Must add to our list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1037:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/mgd77_corrections.txt", M.MGD77_HOME);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1038:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1148:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (word, "%7s", D->H.info[c].col[id].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:211:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, line);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:226:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (abbrev, p);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:242:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, p);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:245:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (units, p);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:257:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (comment, p);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:678:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp_string[n], word);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:710:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (GMT->current.io.curr_text, "%*s %s", word);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:712:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp_string[n], word);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:802:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (history, "%s [%s] removed columns", ctime(&now), In.user);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:828:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (history, p);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:838:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (oldfile, "%s.old", In.path);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:850:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (D->H.history, history); /* MGD77_Write_FILE_cdf will use this to create the history attribute, thus preserving earlier history */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1112:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (efile, "%s.e77", list[argno]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (efile, "%s/E77/%s.e77", In.MGD77_HOME, list[argno]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1131:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (&line[1], "%*s %s %*s %*s %*s %*s %*s %s %*s %" SCNu64, ID, date, &n_recs);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1185:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%c %s %s %" SCNu64 " %s", &YorN, ID, timestamp, &rec, code);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1323:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (answer, "%" SCNu64 "-%" SCNu64, &from, &to);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1345:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%c %s %s %" SCNu64 " %s", &YorN, ID, timestamp, &rec, code);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1440:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (E77, "%s [%s] E77 corrections applied to header: %d scale: %d offset: %d recalc: %d flags: %d",
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1445:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (D->H.E77, E77);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1576:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (history, "%s [%s] Column %s added", ctime(&now), In.user, Ctrl->I.c_abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1582:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (D->H.history, history);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:355:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s\torig:\t%f\tnew:\t%f\n",fieldTest,dorig[k],dnew[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:754:54: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (!error && this_grid[n_grids].format == 0 && sscanf (opt->arg, "%[^,],%s", this_grid[n_grids].abbrev, this_grid[n_grids].fname) != 2) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:876:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (fpercent_limit, GMT->current.setting.format_float_out, percent_limit);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:949:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (custom_limit_line,"%s %s %s %s %s", field_abbrev, tmp_min, tmp_max, tmp_maxSlope, tmp_area) == 5) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1008:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s%s",mgd77defs[i].abbrev,GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1027:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#speed(%s)%s",speed_units,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1028:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[twt]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1029:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[depth]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1030:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf1]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1031:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf2]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1032:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mag]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1033:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[diur]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1034:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[msd]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1035:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[gobs]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1036:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[eot]%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1041:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#d[twt]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1042:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[depth]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1043:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf1]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1044:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf2]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1045:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mag]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1046:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[diur]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1047:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[msd]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1048:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[gobs]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1049:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[eot]%sdt%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1050:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[faa]%sdt\n",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1053:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#d[twt]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1054:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[depth]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1055:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf1]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1056:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mtf2]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1057:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[mag]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1058:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[diur]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1059:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[msd]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1060:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[gobs]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1061:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[eot]%sds%s",GMT->current.setting.io_col_separator,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1062:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "d[faa]%sds\n",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1066:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#lat%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1067:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "lon%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1068:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "twt%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1069:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "depth%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1070:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "mtf1%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1071:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "mtf2%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1072:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "mag%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1073:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "diur%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1074:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "msd%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1075:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "gobs%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1076:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "eot%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1081:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#lat%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1082:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "lon%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1083:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "dist%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1085:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "crs_%s%s",this_grid[i].abbrev,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1086:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "grd_%s%s",this_grid[i].abbrev,GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1087:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "diff%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1092:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "#lat%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1093:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "lon%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1094:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "dist%s",GMT->current.setting.io_col_separator); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1124:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (outfile,"%s.e77",M.NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1166:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, adjustScale[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1168:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, adjustDC[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1189:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(timeStr,"%s",ctime(&clock));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1208:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s Warning - %d of %d records contain invalid time\n",M.NGDC_id,n_nan,nvalues);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1292:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr,"%s %s %d - Time zone adjustment error (Westbound)",M.NGDC_id,timeStr,curr+1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1294:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr,"%s %s %d - Time zone adjustment error (Eastbound)",M.NGDC_id,timeStr,curr+1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1295:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, D[curr].time-D[j].time);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1340:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr,"%s %s %d",M.NGDC_id,timeStr,curr+1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1341:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, D[curr].time-D[j].time);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1342:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Time not monotonically increasing (%s sec.)\n",placeStr, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1374:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr,"%s %s %d",M.NGDC_id,timeStr,curr+1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1375:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, speed);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1376:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Excessive speed %s %s\n",placeStr, text, speed_units);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1398:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Warning! Navigation flags flipped by user!\n",M.NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1498:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Flagged %.2f %% of records with bad navigation", M.NGDC_id,n_bad*100.0/nvalues);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1571:39: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for (j=0; j<MGD77_N_STATS; j++) sprintf (fstats[j],GMT->current.setting.format_float_out,stats[j]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1576:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, stats[MGD77_RLS_SLOPE]/adjustScale[this_grid[i].col]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1581:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, stats[MGD77_RLS_ICEPT]-adjustDC[this_grid[i].col]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1588:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) RLS m: %s b: %s rms: %s r: %s sig: %d dec: %d\n",
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1604:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Slope %s is statistically different from 1\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1611:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, test_slope[j]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1616:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Slope %s statistically identical to %s. Recommended: [%g]\n",M.NGDC_id,this_grid[i].abbrev,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1628:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, test_slope[j]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1642:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, recommended_scale);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1647:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Slope %s different from 1. Recommended: [%s]\n",M.NGDC_id,this_grid[i].abbrev,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1659:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Ship and %s grid appear identical (m=1,b=0,s=0)\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1684:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Offset different than 0 (%s)\n",M.NGDC_id,this_grid[i].abbrev,fstats[MGD77_RLS_ICEPT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1707:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Free-air anomalies may have been computed using IGF 1930.\n",M.NGDC_id,this_grid[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1724:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression slope (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1736:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression rms (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1748:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression correlation (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1763:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression slope (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1774:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression offset (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1786:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression rms (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1798:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Regression correlation (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1889:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for (k=0; k<MGD77_N_STATS; k++) sprintf (fstats[k],GMT->current.setting.format_float_out,stats[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1900:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) anomaly differs from gobs-IGF80%s(m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,text,fstats[MGD77_RLS_SLOPE],\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1909:58: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) anomaly differs from gobs-IGF80%s(m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,text,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1920:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) anomaly statistically the same as gobs-IGF80%s(m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,text,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1929:65: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) anomaly equivalent to gobs-IGF80%s(m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,text,fstats[MGD77_RLS_SLOPE],\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1940:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) gobs may not be corrected for Eotvos (correlation for gobs-IGF80+eot > correlation for gobs-IGF80)\n",M.NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1949:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) insignificant regression: reported versus gobs-IGF80%s(m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,text,fstats[MGD77_RLS_SLOPE],\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1991:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for (k=0; k<MGD77_N_STATS; k++) sprintf (fstats[k],GMT->current.setting.format_float_out,stats2[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1997:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) Free-air anomalies may have been computed using IGF 1930 (m: %s b: %s rms: %s r: %s sig: %d dec: %d). (Consider adjusting to 1980).\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2015:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) Recomputed anomaly regression slope (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2026:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) Recomputed anomaly regression intercept (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2038:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) Recomputed anomaly regression rms (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2050:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (faa) Recomputed anomaly regression correlation (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2130:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for (k=0; k<MGD77_N_STATS; k++) sprintf (fstats[k],GMT->current.setting.format_float_out,stats[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2140:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) anomaly differs from mtf%d-IGRF (m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,2-(int)mtf1,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2146:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) anomaly statistically the same as mtf%d-IGRF (m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,2-(int)mtf1,fstats[MGD77_RLS_SLOPE],\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2156:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) recalculated anomaly regression insignificant (m: %s b: %s rms: %s r: %s sig: %d dec: %d)\n",M.NGDC_id,fstats[MGD77_RLS_SLOPE],\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2162:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) unable to recompute anomalies\n",M.NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2178:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) Recomputed anomaly regression slope (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2189:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) Recomputed anomaly regression intercept (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2201:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) Recomputed anomaly regression rms (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2213:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (mag) Recomputed anomaly regression correlation (%s) outside %s%% limits.\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2259:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr,"%s %s %d",M.NGDC_id,timeStr,curr+1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2266:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Time out of range\n",placeStr);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2298:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Invalid code %s [%d]\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2310:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Invalid code %s [%d]\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2321:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Invalid code %s [%d]\n", \
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2332:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Invalid code %s [%d]\n",placeStr,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2355:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Invalid code %s [%d]\n",placeStr,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2374:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, D[curr].number[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2375:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - %s out of range [%s]\n", placeStr, mgd77defs[i].abbrev, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2384:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, D[curr].number[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2385:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - %s adjusted %s to +/- 180\n", placeStr, mgd77defs[i].abbrev, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2397:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, D[curr].number[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2398:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - %s out of range [%s]\n", placeStr, mgd77defs[i].abbrev, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2405:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - %s cannot be nine-filled\n", placeStr, mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2434:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, dt);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2435:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Time not monotonically increasing (%s sec.)\n",placeStr, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2441:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, dt);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2442:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - Time decreasing (%s sec.)\n",placeStr, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2526:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, gradient);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2527:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - excessive %s gradient %s\n", placeStr, mgd77defs[i].abbrev, text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2629:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, fabs(offsetArea[i]));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2630:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - excessive offset from %s grid: Area/Length/Height %s\t",placeStr,this_grid[i].abbrev,text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2632:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, offsetLength[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2633:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s\t",text); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2634:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, offsetLength[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2635:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, fabs(offsetArea[i]/offsetLength[i]));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2636:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s\n",text); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2642:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) extended offset from grid (%d-%d)\n",M.NGDC_id,this_grid[i].abbrev,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2685:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - %d duplicate %s records\n",placeStr,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2777:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) encountered possible PDR wrap errors (%.1f) [%.1f]\n",M.NGDC_id,mgd77defs[MGD77_TWT].abbrev,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2786:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - new bathymetry correction table available\n",placeStr);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2790:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - twt may be extracted from depth for Carter correction\n",placeStr);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2801:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - all %s anomalies are zero.\n",placeStr,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2805:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - only found negative %s values.\n",placeStr,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2809:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - all %s values less than or equal to zero.\n",placeStr,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2813:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - only found positive %s values.\n",placeStr,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2817:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s - all %s values greater than or equal to zero.\n",placeStr,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2871:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr, "%s%s%s%s%d%s",M.NGDC_id,GMT->current.setting.io_col_separator,timeStr,GMT->current.setting.io_col_separator,rec+1,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2892:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr, "%s%s%s%s%d%s",M.NGDC_id,GMT->current.setting.io_col_separator,timeStr,GMT->current.setting.io_col_separator,rec+1,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2895:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr, "%c%s%s%s%s%s%d%s",E77_APPLY,GMT->current.setting.io_col_separator,M.NGDC_id,GMT->current.setting.io_col_separator,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2898:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (placeStr, "%c%s%s%s%s%s%d%s",E77_REVIEW,GMT->current.setting.io_col_separator,M.NGDC_id,GMT->current.setting.io_col_separator,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2971:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (time) Cruise contains no time record\n", M.NGDC_id);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2976:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (time) %d records contain no time starting at record #%d\n",M.NGDC_id,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2982:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (time) %d records had time errors starting at record #%d\n",M.NGDC_id,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2988:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (dist) %d records had distance errors starting at record #%d\n",M.NGDC_id,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2995:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Data Precision Warning: only integer values found\n",M.NGDC_id,mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:2999:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Data Precision Warning: only integer multiples of 5 found\n",M.NGDC_id, mgd77defs[i].abbrev);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:3006:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, GMT->current.setting.format_float_out, MaxDiff[i]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:3007:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%s) Max ship-grid difference [%s] at record %d\n",M.NGDC_id,\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:3014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (nav) Navigation Warning: %d records went over land starting at record %d\n",\
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:455:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (comment, "%s %s %s %s %s", ms, mc, mfs, mf, mfc);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:808:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (label, "%s+%s", the_date, the_clock);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:812:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (label, "+%s", the_clock);
data/gmt-6.1.1+dfsg/src/movie.c:1221:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (frame_products, movie_raster_format[Ctrl->F.transparent]); /* psconvert code for the desired PNG image type */
data/gmt-6.1.1+dfsg/src/movie.c:1255:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
run_script = system; /* The standard system function will be used */
data/gmt-6.1.1+dfsg/src/movie.c:1259:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%*s %s %*s", version);
data/gmt-6.1.1+dfsg/src/movie.c:1270:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%*s %*s %s %*s", version);
data/gmt-6.1.1+dfsg/src/movie.c:1330:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (workdir, Ctrl->W.dir);
data/gmt-6.1.1+dfsg/src/movie.c:1332:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (workdir, "%s/%s", API->tmp_dir, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/movie.c:1335:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (workdir, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/movie.c:1368:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (datadir, "%s,%s,%s", topdir, cwd, GMT->session.DATADIR); /* Start with topdir */
data/gmt-6.1.1+dfsg/src/movie.c:1370:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (datadir, "%s,%s", topdir, cwd);
data/gmt-6.1.1+dfsg/src/movie.c:1378:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (init_file, "movie_init.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1386:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Static parameters set for animation sequence %s", Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/movie.c:1412:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pre_file, "movie_preflight.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1462:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "cmd /C %s", pre_file);
data/gmt-6.1.1+dfsg/src/movie.c:1464:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], pre_file);
data/gmt-6.1.1+dfsg/src/movie.c:1465:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/movie.c:1471:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
place_background = (!access ("movie_background.ps", R_OK)); /* Need to place a background layer in the main frames */
data/gmt-6.1.1+dfsg/src/movie.c:1499:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-T%s -o1 -f%s --GMT_HISTORY=false T = %s", Ctrl->T.file, GMT->common.f.string, output);
data/gmt-6.1.1+dfsg/src/movie.c:1501:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-T%s -o1 --GMT_HISTORY=false T = %s", Ctrl->T.file, output);
data/gmt-6.1.1+dfsg/src/movie.c:1565:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (post_file, "movie_postflight.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1614:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "cmd /C %s", post_file);
data/gmt-6.1.1+dfsg/src/movie.c:1616:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], post_file);
data/gmt-6.1.1+dfsg/src/movie.c:1671:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->Q.active) strcat (frame_products, MOVIE_DEBUG_FORMAT); /* Want to save original PS file for debug */
data/gmt-6.1.1+dfsg/src/movie.c:1684:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "movie_params_%s", state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1685:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (param_file, "%s.%s", state_prefix, extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1691:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "Parameter file for pre-frame %s", state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1693:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "%s_%s", Ctrl->N.prefix, state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1705:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (intro_file, "movie_intro.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1712:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (extra, "A+n+r+f%s", gmt_place_var (Ctrl->In.mode, "MOVIE_FADE")); /* No cropping, image size is fixed, possibly fading */
data/gmt-6.1.1+dfsg/src/movie.c:1713:44: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->E.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->E.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:1716:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->E.file);
data/gmt-6.1.1+dfsg/src/movie.c:1721:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, htxt);
data/gmt-6.1.1+dfsg/src/movie.c:1800:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "movie_params_%s", state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1801:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (param_file, "%s.%s", state_prefix, extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1807:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "Parameter file for frame %s", state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1809:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (state_prefix, "%s_%s", Ctrl->N.prefix, state_tag);
data/gmt-6.1.1+dfsg/src/movie.c:1871:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (font, "+%s", gmt_putfont (GMT, &I->font));
data/gmt-6.1.1+dfsg/src/movie.c:1873:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (font, "%s", gmt_putfont (GMT, F));
data/gmt-6.1.1+dfsg/src/movie.c:1875:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (label, "MOVIE_%c: %c|%g|%g|%g|%g|%d|%g|%g|%s|%s|%s|%s|%s|", which[k], I->kind, I->x, I->y, t, I->width,
data/gmt-6.1.1+dfsg/src/movie.c:1887:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, (int)use_frame);
data/gmt-6.1.1+dfsg/src/movie.c:1889:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, (double)use_frame);
data/gmt-6.1.1+dfsg/src/movie.c:1895:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, (int)irint (100.0 * t));
data/gmt-6.1.1+dfsg/src/movie.c:1897:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, (100.0 * t));
data/gmt-6.1.1+dfsg/src/movie.c:1909:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case 4: sprintf (string, I->format, dd, hh, mm, ss); break;
data/gmt-6.1.1+dfsg/src/movie.c:1910:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case 3: sprintf (string, I->format, hh, mm, ss); break;
data/gmt-6.1.1+dfsg/src/movie.c:1911:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case 2: sprintf (string, I->format, mm, ss); break;
data/gmt-6.1.1+dfsg/src/movie.c:1912:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case 1: sprintf (string, I->format, ss); break;
data/gmt-6.1.1+dfsg/src/movie.c:1921:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s", date);
data/gmt-6.1.1+dfsg/src/movie.c:1923:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s", clock);
data/gmt-6.1.1+dfsg/src/movie.c:1925:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s%c%s", date, spacer, clock);
data/gmt-6.1.1+dfsg/src/movie.c:1929:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, (int)irint (L_col));
data/gmt-6.1.1+dfsg/src/movie.c:1931:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, L_col);
data/gmt-6.1.1+dfsg/src/movie.c:1943:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (L_txt, word);
data/gmt-6.1.1+dfsg/src/movie.c:1946:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (string, I->format, L_txt);
data/gmt-6.1.1+dfsg/src/movie.c:1948:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, L_txt);
data/gmt-6.1.1+dfsg/src/movie.c:1951:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, I->format);
data/gmt-6.1.1+dfsg/src/movie.c:1952:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (label, string);
data/gmt-6.1.1+dfsg/src/movie.c:1970:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (master_file, "movie_master.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:1987:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (extra, "A+n+r+f%s", gmt_place_var (Ctrl->In.mode, "MOVIE_FADE")); /* No cropping, image size is fixed, but fading may be in effect for some frames */
data/gmt-6.1.1+dfsg/src/movie.c:1988:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->K.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->K.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:1993:48: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->G.mode & 1) strcat (extra, "+p"), strcat (extra, Ctrl->G.pen);
data/gmt-6.1.1+dfsg/src/movie.c:1994:48: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->G.mode & 2) strcat (extra, "+g"), strcat (extra, Ctrl->G.fill);
data/gmt-6.1.1+dfsg/src/movie.c:1999:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->E.file);
data/gmt-6.1.1+dfsg/src/movie.c:2003:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access ("movie_background.ps", R_OK)) /* Need to place a background layer first (which is in parent dir when loop script is run) */
data/gmt-6.1.1+dfsg/src/movie.c:2007:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->S[MOVIE_PREFLIGHT].file);
data/gmt-6.1.1+dfsg/src/movie.c:2009:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access ("movie_foreground.ps", R_OK)) /* Need to append foreground layer at end (which is in parent dir when script is run) */
data/gmt-6.1.1+dfsg/src/movie.c:2013:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->S[MOVIE_POSTFLIGHT].file);
data/gmt-6.1.1+dfsg/src/movie.c:2108:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %*.*d", sc_call[Ctrl->In.mode], master_file, precision, precision, Ctrl->M.frame);
data/gmt-6.1.1+dfsg/src/movie.c:2132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s %s\n", rmdir[Ctrl->In.mode], workdir);
data/gmt-6.1.1+dfsg/src/movie.c:2133:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (line))) {
data/gmt-6.1.1+dfsg/src/movie.c:2148:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (main_file, "movie_frame.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:2156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (extra, "A+n+r+f%s", gmt_place_var (Ctrl->In.mode, "MOVIE_FADE")); /* No cropping, image size is fixed, but fading may be in effect for some frames */
data/gmt-6.1.1+dfsg/src/movie.c:2157:44: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->K.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->K.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:2162:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->G.mode & 1) strcat (extra, "+p"), strcat (extra, Ctrl->G.pen);
data/gmt-6.1.1+dfsg/src/movie.c:2163:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->G.mode & 2) strcat (extra, "+g"), strcat (extra, Ctrl->G.fill);
data/gmt-6.1.1+dfsg/src/movie.c:2165:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access ("movie_background.ps", R_OK)) { /* Need to place a background layer first (which will be in parent dir when loop script is run) */
data/gmt-6.1.1+dfsg/src/movie.c:2170:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->S[MOVIE_PREFLIGHT].file);
data/gmt-6.1.1+dfsg/src/movie.c:2172:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access ("movie_foreground.ps", R_OK)) { /* Need to append foreground layer at end (which will be in parent dir when script is run) */
data/gmt-6.1.1+dfsg/src/movie.c:2178:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, Ctrl->S[MOVIE_POSTFLIGHT].file);
data/gmt-6.1.1+dfsg/src/movie.c:2183:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, htxt);
data/gmt-6.1.1+dfsg/src/movie.c:2255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "start /B %s %s %*.*d", sc_call[Ctrl->In.mode], script_file, precision, precision, frame);
data/gmt-6.1.1+dfsg/src/movie.c:2257:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %*.*d &", sc_call[Ctrl->In.mode], script_file, precision, precision, frame);
data/gmt-6.1.1+dfsg/src/movie.c:2259:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %*.*d &", sc_call[Ctrl->In.mode], script_file, precision, precision, frame);
data/gmt-6.1.1+dfsg/src/movie.c:2263:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/movie.c:2280:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (png_file, "%s_%*.*d.%s", Ctrl->N.prefix, precision, precision, Ctrl->T.start_frame+k, MOVIE_RASTER_EXTENSION);
data/gmt-6.1.1+dfsg/src/movie.c:2281:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (png_file, F_OK)) continue; /* Not found yet */
data/gmt-6.1.1+dfsg/src/movie.c:2322:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "gm convert -delay %u -loop %u +dither %s%c%s_%s.%s %s.gif", delay, Ctrl->A.loops, workdir, dir_sep, Ctrl->N.prefix, files, MOVIE_RASTER_EXTENSION, Ctrl->N.prefix);
data/gmt-6.1.1+dfsg/src/movie.c:2325:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/movie.c:2343:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "ffmpeg -loglevel %s -f image2 -framerate %g -y -i \"%s%c%s_%s.%s\" -vcodec libx264 %s -pix_fmt yuv420p %s.mp4",
data/gmt-6.1.1+dfsg/src/movie.c:2347:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/movie.c:2365:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "ffmpeg -loglevel %s -f image2 -framerate %g -y -i \"%s%c%s_%s.%s\" -vcodec %s %s -pix_fmt %s %s.webm",
data/gmt-6.1.1+dfsg/src/movie.c:2370:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((error = system (cmd))) {
data/gmt-6.1.1+dfsg/src/movie.c:2378:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cleanup_file, "movie_cleanup.%s", extension[Ctrl->In.mode]);
data/gmt-6.1.1+dfsg/src/movie.c:2415:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
error = system (cleanup_file);
data/gmt-6.1.1+dfsg/src/movie.c:2417:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s", sc_call[Ctrl->In.mode], cleanup_file);
data/gmt-6.1.1+dfsg/src/movie.c:2418:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
error = system (cmd);
data/gmt-6.1.1+dfsg/src/nearneighbor.c:568:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s)\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:306:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
# define access _access
data/gmt-6.1.1+dfsg/src/postscriptlight.c:991:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt, "%s_n", prefix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1562:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[0][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1566:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[1][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1570:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[2][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1574:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[3][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1578:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[4][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1582:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[5][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1586:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[6][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1590:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[7][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1594:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[8][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1598:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[9][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1602:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[10][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1606:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[11][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1610:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[12][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1614:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[13][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1618:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[14][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1622:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, psl_scandcodes[15][he]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1724:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s%s", stem, suffix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1725:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path); /* Yes, found it in current directory */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1738:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", PSL->internal.USERDIR, stem, suffix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1739:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1740:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/cache/%s%s", PSL->internal.USERDIR, stem, suffix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1741:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1747:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/%s%s", PSL->internal.SHAREDIR, subdir, stem, suffix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1748:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1753:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s%s", PSL->internal.SHAREDIR, stem, suffix);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1754:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (path, R_OK)) return (path);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2481:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (PSL->internal.user_image[PSL->internal.n_userimages], imagefile);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3176:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (buf, "%s %lf %d", fullname, &PSL->internal.font[i].height, &PSL->internal.font[i].encoded) != 3) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3363:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, PSL->current.bw_format, rgb[0]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3367:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, PSL->current.bw_format, PSL_YIQ(rgb));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3371:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, PSL->current.rgb_format, rgb[0], rgb[1], rgb[2]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3377:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, PSL->current.cmyk_format, cmyk[0], cmyk[1], cmyk[2], cmyk[3]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3383:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, PSL->current.hsv_format, hsv[0], hsv[1], hsv[2]);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3387:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&text[strlen(text)], " %.12g /%s PSL_transp", 1.0 - rgb[3], PSL->current.transparency_mode);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3454:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(PSL->internal.SHAREDIR, R_OK)) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3470:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (PSL->internal.USERDIR, R_OK)) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3589:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, val);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4404:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (PSL_encoding, "PSL_%s", PSL->init.encoding); /* Prepend the PSL_ prefix */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (PSL_encoding, "PSL_%s", PSL->init.encoding); /* Prepend the PSL_ prefix */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4715:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%d W %s %s", psl_ip (PSL, linewidth), psl_putcolor (PSL, rgb), psl_putdash (PSL, pattern, offset));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4722:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s %d F%d", psl_putcolor (PSL, rgb), psl_ip (PSL, size), PSL->current.font_no);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4736:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s", psl_putcolor (PSL, rgb));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4956:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempstring, string);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5040:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr[0]) strcpy (previous, ptr); /* Keep copy of possibly previous text */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5057:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr[0]) strcpy (previous, ptr); /* Keep copy of possibly previous text */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5109:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (piece, ptr);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5367:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr[0]) strcpy (previous, ptr); /* Keep copy of possibly previous text */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5384:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr[0]) strcpy (previous, ptr); /* Keep copy of possibly previous text */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5892:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t len = vsnprintf (tmp_buffer, 4096, format, args);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5899:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (C->internal.fp, format, args);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5910:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t len = vsnprintf (tmp_buffer, PSL_BUFSIZ, format, args);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5921:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (C->internal.fp, format, args);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5931:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (C->init.err, format, args);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5946:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (fp, format, args);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1400:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, txt);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1406:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, txt);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1413:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, txt);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1419:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, txt);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:733:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (save, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:742:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.setting.format_float_out, save);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:962:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s", text);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:966:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %lg %lg %lg", ver_txt, &in[0], &in[1], &in[2]) !=4)
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:973:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %lg %lg %lg", ver_txt, &in[0], &in[1], &in[2]) !=4)
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:980:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %lg %lg %lg", ver_txt, &in[0], &in[1], &in[2]) !=4)
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:213:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (opt->arg, "%d/%lf/%lf/%s", &Ctrl->C.n_pt, &Ctrl->C.theor_inc, &Ctrl->misc.z_level, t_or_b);
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:319:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (combined, "%s%s", opt->arg, argument);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:257:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int n = sscanf (arg, "%[^/]/%[^/]/%s", A, B, C);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:317:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, format, T->value*T->scale, gmt_modeltime_unit (T->u));
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:319:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, format, T->value*T->scale, T->unit);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:321:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, format, T->value);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1054:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (Tin->table[0]->segment[seg]->text[row], "%s %s", file, t_arg);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1170:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (remark, "Solution for t = %g %s", Ctrl->T.time[t_eval].value * Ctrl->T.time[t_eval].scale,
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1178:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, Ctrl->G.file);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1197:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s\t", file);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1198:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp, time_fmt, Ctrl->T.time[t_eval].value * Ctrl->T.time[t_eval].scale, Ctrl->T.time[t_eval].unit);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1199:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, tmp);
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1202:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s", file);
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:1220:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(frmt, "Thread %%d%s Row = %%d\t of = %%.3d\r", tabs);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:227:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (opt->arg, "%[^/]/%s", T1, T2)) == 2) {
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:437:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (text[rec], "%s %s", txt_x, txt_y);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:872:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, Ctrl->G.file);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:876:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s\t", file);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:877:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (tmp, time_fmt, Ctrl->T.time[t].value * Ctrl->T.time[t].scale, Ctrl->T.time[t].unit);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:878:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, tmp);
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:881:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (record, file);
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:1015:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (remark, "Calculated 3-D %s", kind[Ctrl->F.mode]);
data/gmt-6.1.1+dfsg/src/project.c:413:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/project.c:434:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/project.c:479:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) == 2) { /* Got dist/colat */
data/gmt-6.1.1+dfsg/src/project.c:508:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) != 2) {
data/gmt-6.1.1+dfsg/src/project.c:972:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GMT->current.io.segment_header, "%s", z_header);
data/gmt-6.1.1+dfsg/src/project.c:974:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GMT->current.io.segment_header, "%s-circle Pole at %g %g", type[kind], P.plon, P.plat);
data/gmt-6.1.1+dfsg/src/psbasemap.c:294:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msg, " Geographical coordinates for a (%s) rectangular plot domain outline polygon", kind[GMT->common.R.oblique]);
data/gmt-6.1.1+dfsg/src/pscoast.c:537:78: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:538:78: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:539:78: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:540:78: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[YHI], GMT_OUT, GMT_Y); strcat (record, text);
data/gmt-6.1.1+dfsg/src/pscoast.c:867:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s extracted from the %s resolution GSHHG version %s database\n", kind[id], shore_resolution[base], version);
data/gmt-6.1.1+dfsg/src/pscontour.c:1464:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (cont_label, format, cont[c].val);
data/gmt-6.1.1+dfsg/src/psconvert.c:55:10: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
# define execv _execv
data/gmt-6.1.1+dfsg/src/psconvert.c:99:67: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define add_to_list(list,item) { if (list[0]) strcat (list, " "); strcat (list, item); }
data/gmt-6.1.1+dfsg/src/psconvert.c:100:68: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define add_to_qlist(list,item) { if (list[0]) strcat (list, " "); strcat (list, squote); strcat (list, item); strcat (list, squote); }
data/gmt-6.1.1+dfsg/src/psconvert.c:100:92: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define add_to_qlist(list,item) { if (list[0]) strcat (list, " "); strcat (list, squote); strcat (list, item); strcat (list, squote); }
data/gmt-6.1.1+dfsg/src/psconvert.c:100:113: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define add_to_qlist(list,item) { if (list[0]) strcat (list, " "); strcat (list, squote); strcat (list, item); strcat (list, squote); }
data/gmt-6.1.1+dfsg/src/psconvert.c:219:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl ("/bin/sh", "sh", "-c", cmdline, NULL);
data/gmt-6.1.1+dfsg/src/psconvert.c:274:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (&arg[k], "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/psconvert.c:324:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (&p[1], "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/psconvert.c:367:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (&p[k], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/psconvert.c:713:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Ctrl->G.file, "%c%s%c", quote, opt->arg, quote);
data/gmt-6.1.1+dfsg/src/psconvert.c:864:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (Ctrl->M[j].file && access (Ctrl->M[j].file, F_OK)) {
data/gmt-6.1.1+dfsg/src/psconvert.c:883:60: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->L.active && access (Ctrl->L.file, R_OK),
data/gmt-6.1.1+dfsg/src/psconvert.c:1001:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %s -", Ctrl->G.file, gs_BB, Ctrl->C.arg); /* Set up gs command */
data/gmt-6.1.1+dfsg/src/psconvert.c:1016:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen (cmd, "w")) == NULL) { /* Failed popen-job, exit */
data/gmt-6.1.1+dfsg/src/psconvert.c:1062:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (buf, "%s %lf %lf %lf %lf", t, &x0, &y0, &x1, &y1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1171:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -r%g -g%dx%d ", Ctrl->G.file, Ctrl->E.dpi, pix_w, pix_h);
data/gmt-6.1.1+dfsg/src/psconvert.c:1172:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strlen(gs_params) < 450) strcat (cmd, gs_params); /* We know it is but Coverity doesn't, and complains */
data/gmt-6.1.1+dfsg/src/psconvert.c:1189:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen (cmd, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1203:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen (cmd, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1337:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t, " -sDEVICE=%s %s -sOutputFile=", device[Ctrl->T.device], device_options[Ctrl->T.device]);
data/gmt-6.1.1+dfsg/src/psconvert.c:1338:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, t);
data/gmt-6.1.1+dfsg/src/psconvert.c:1344:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (t, "%s/psconvert_tmp", API->tmp_dir);
data/gmt-6.1.1+dfsg/src/psconvert.c:1350:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, t); strcat (out_file, " -");
data/gmt-6.1.1+dfsg/src/psconvert.c:1353:35: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strncat (out_file, squote, 1); strcat (out_file, t); strncat (out_file, squote, 1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1371:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (newfile, "%s/psconvert_sandwich_%d.ps", GMT->parent->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1640:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (ps_names[0], F_OK) == 0) { /* File exist, so complete it */
data/gmt-6.1.1+dfsg/src/psconvert.c:1700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd2, "%s%s -q -dNOPAUSE -dBATCH -dNOSAFER -sDEVICE=pdfwrite %s%s -r%g -sOutputFile=%c%s.pdf%c %s",
data/gmt-6.1.1+dfsg/src/psconvert.c:1704:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd2); /* Execute the Ghostscript command */
data/gmt-6.1.1+dfsg/src/psconvert.c:1729:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ps_file, "%s/psconvert_stream_%d.ps", API->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1757:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (no_U_file, "%s/psconvert_%db.eps", API->gwf_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1759:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (no_U_file, "%s/psconvert_%db.eps", Ctrl->D.dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1816:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (BB_file, "%s/psconvert_%dc.bb", API->gwf_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1818:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (BB_file, "%s/psconvert_%dc.bb", Ctrl->D.dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1820:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s%s %s %s %c%s%c 2> %c%s%c",
data/gmt-6.1.1+dfsg/src/psconvert.c:1823:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd); /* Execute the command that computes the tight BB */
data/gmt-6.1.1+dfsg/src/psconvert.c:1852:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[19], "%s %s %s %s", c1, c2, c3, c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:1861:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file, "%s/", Ctrl->D.dir);
data/gmt-6.1.1+dfsg/src/psconvert.c:1863:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp_file, ext[Ctrl->T.device]);
data/gmt-6.1.1+dfsg/src/psconvert.c:1864:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s%s %s %s%s -sDEVICE=%s %s -g1x1 -r%g -sOutputFile=%c%s%c %c%s%c",
data/gmt-6.1.1+dfsg/src/psconvert.c:1869:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd); /* Execute the Ghostscript command */
data/gmt-6.1.1+dfsg/src/psconvert.c:1914:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (Ctrl->D.active) sprintf (tmp_file, "%s/", Ctrl->D.dir); /* Use specified output directory */
data/gmt-6.1.1+dfsg/src/psconvert.c:1918:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp_file, Ctrl->F.file);
data/gmt-6.1.1+dfsg/src/psconvert.c:1920:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tmp_file, ext[GS_DEV_EPS]);
data/gmt-6.1.1+dfsg/src/psconvert.c:1928:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file, "%s/psconvert_%dd.eps", API->gwf_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1930:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file, "%s/psconvert_%dd.eps", Ctrl->D.dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psconvert.c:1946:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[14], "%s %s %s %s",c1,c2,c3,c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:1960:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[19], "%s %s %s %s",c1,c2,c3,c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:2039:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[8], "%s %s %s %s %s %s %s %s %s",proj4_name,xx1,xx2,yy1,yy2,c1,c2,c3,c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:2076:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[16], "%s %s %s %s",c1,c2,c3,c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:2151:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (line_, "%s %s %s %*s %*s %*s %s %s", c1, t1, t2, c2, c3);
data/gmt-6.1.1+dfsg/src/psconvert.c:2153:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (line_, "%s %s %s", c1, c2, c3);
data/gmt-6.1.1+dfsg/src/psconvert.c:2336:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (Ctrl->D.active) sprintf (out_file, "%s/", Ctrl->D.dir); /* Use specified output directory */
data/gmt-6.1.1+dfsg/src/psconvert.c:2340:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, Ctrl->F.file);
data/gmt-6.1.1+dfsg/src/psconvert.c:2342:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, ext[Ctrl->T.device]);
data/gmt-6.1.1+dfsg/src/psconvert.c:2357:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s%s %s %s%s -sDEVICE=%s %s %s -sOutputFile=%c%s%c %c%s%c",
data/gmt-6.1.1+dfsg/src/psconvert.c:2368:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd);
data/gmt-6.1.1+dfsg/src/psconvert.c:2376:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (out_file, R_OK)) { /* output file not created */
data/gmt-6.1.1+dfsg/src/psconvert.c:2398:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pdf_file, out_file); /* Now the PDF is the infile */
data/gmt-6.1.1+dfsg/src/psconvert.c:2400:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (Ctrl->D.active) sprintf (out_file, "%s/", Ctrl->D.dir); /* Use specified output directory */
data/gmt-6.1.1+dfsg/src/psconvert.c:2404:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, Ctrl->F.file);
data/gmt-6.1.1+dfsg/src/psconvert.c:2405:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out_file, ext[Ctrl->T.device]);
data/gmt-6.1.1+dfsg/src/psconvert.c:2407:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s%s %s %s%s -sDEVICE=%s %s %s -sOutputFile=%c%s%c %c%s%c",
data/gmt-6.1.1+dfsg/src/psconvert.c:2417:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd);
data/gmt-6.1.1+dfsg/src/psconvert.c:2471:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf (line, "%" PRIu64 " %" PRIu64, &dim[GMT_X], &dim[GMT_Y]) != 2) {
data/gmt-6.1.1+dfsg/src/psconvert.c:2545:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (Ctrl->D.active) sprintf (world_file, "%s/", Ctrl->D.dir); /* Use specified output directory */
data/gmt-6.1.1+dfsg/src/psconvert.c:2549:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(world_file, out_file);
data/gmt-6.1.1+dfsg/src/psconvert.c:2558:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (world_file, wext);
data/gmt-6.1.1+dfsg/src/psconvert.c:2585:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "gdal_translate -mo TIFFTAG_XRESOLUTION=%g -mo TIFFTAG_YRESOLUTION=%g -a_srs %c%s%c "
data/gmt-6.1.1+dfsg/src/psconvert.c:2589:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
sys_retval = system (cmd); /* Execute the gdal_translate command */
data/gmt-6.1.1+dfsg/src/psconvert.c:2603:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (kml_file, "%s/", Ctrl->D.dir); /* Use specified output directory */
data/gmt-6.1.1+dfsg/src/psconvert.c:2607:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (kml_file, out_file);
data/gmt-6.1.1+dfsg/src/psconvert.c:2730:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (data, "%s/gswin64c.exe", API->GMT->init.runtime_bindir);
data/gmt-6.1.1+dfsg/src/psconvert.c:2731:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (data, R_OK)) goto FOUNDGS;
data/gmt-6.1.1+dfsg/src/psconvert.c:2732:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (data, "%s/gswin32c.exe", API->GMT->init.runtime_bindir);
data/gmt-6.1.1+dfsg/src/psconvert.c:2733:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (data, R_OK)) goto FOUNDGS;
data/gmt-6.1.1+dfsg/src/psconvert.c:2770:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(key, ver);
data/gmt-6.1.1+dfsg/src/psconvert.c:2807:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, bits64 ? "\\gswin64c.exe" : "\\gswin32c.exe");
data/gmt-6.1.1+dfsg/src/psconvert.c:2810:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (data, R_OK)) {
data/gmt-6.1.1+dfsg/src/psconvert.c:2818:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->G.file, "\"%s\"", data);
data/gmt-6.1.1+dfsg/src/psevents.c:506:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file_symbols, "%s_symbols.txt", Ctrl->Q.file);
data/gmt-6.1.1+dfsg/src/psevents.c:508:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file_symbols, "%s/GMT_psevents_symbols_%d.txt", API->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psevents.c:582:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file_labels, "%s_labels.txt", Ctrl->Q.file);
data/gmt-6.1.1+dfsg/src/psevents.c:584:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file_labels, "%s/GMT_psevents_labels_%d.txt", API->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psevents.c:632:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -R -J -O -K -I -t -S%s --GMT_HISTORY=false --PROJ_LENGTH_UNIT=%s", tmp_file_symbols, Ctrl->S.symbol, GMT->session.unit_name[GMT->current.setting.proj_length_unit]);
data/gmt-6.1.1+dfsg/src/psevents.c:633:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->C.active) {strcat (cmd, " -C"); strcat (cmd, Ctrl->C.file);}
data/gmt-6.1.1+dfsg/src/psevents.c:634:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->G.active) {strcat (cmd, " -G"); strcat (cmd, Ctrl->G.color);}
data/gmt-6.1.1+dfsg/src/psevents.c:635:42: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->W.pen) {strcat (cmd, " -W"); strcat (cmd, Ctrl->W.pen);}
data/gmt-6.1.1+dfsg/src/psevents.c:651:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -R -J -O -K -t --GMT_HISTORY=false", tmp_file_labels);
data/gmt-6.1.1+dfsg/src/psevents.c:652:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->D.active) {strcat (cmd, " -D"); strcat (cmd, Ctrl->D.string);}
data/gmt-6.1.1+dfsg/src/psevents.c:653:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->F.active) {strcat (cmd, " -F"); strcat (cmd, Ctrl->F.string);}
data/gmt-6.1.1+dfsg/src/pshistogram.c:907:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Extreme values of the data :\t%s\t%s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/pshistogram.c:909:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Locations: L2, L1, LMS; Scales: L2, L1, LMS\t%s\t%s\t%s\t%s\t%s\t%s\n",
data/gmt-6.1.1+dfsg/src/pshistogram.c:954:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "min/max values are :\t%s\t%s\t%s\t%s\n",
data/gmt-6.1.1+dfsg/src/pshistogram.c:1094:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Use w/e/s/n = %s/%s/%s/%s and x-tick/y-tick = %s/%s\n",
data/gmt-6.1.1+dfsg/src/psimage.c:158:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "x%s/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/psimage.c:161:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, txt_c);
data/gmt-6.1.1+dfsg/src/psimage.c:207:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "+c0+p%s", opt->arg);
data/gmt-6.1.1+dfsg/src/pslegend.c:190:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%[^/]/%s", xx, yy, txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/pslegend.c:257:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmparg, "+g%s", opt->arg);
data/gmt-6.1.1+dfsg/src/pslegend.c:554:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%*s %*s %s", bar_height);
data/gmt-6.1.1+dfsg/src/pslegend.c:569:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:576:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s", txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:582:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %[^\n]", size, font, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:584:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %[^\n]", font, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:586:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s", gmt_putfont (GMT, &GMT->current.setting.font_title));
data/gmt-6.1.1+dfsg/src/pslegend.c:588:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp, font); /* Gave a font specification */
data/gmt-6.1.1+dfsg/src/pslegend.c:593:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s,%s", size, font); /* Put size, font together for parsing by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pslegend.c:607:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s", image, size, key);
data/gmt-6.1.1+dfsg/src/pslegend.c:623:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s %[^\n]", size, font, key, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:625:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %[^\n]", font, key, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:627:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s", gmt_putfont (GMT, &GMT->current.setting.font_label));
data/gmt-6.1.1+dfsg/src/pslegend.c:629:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp, font); /* Gave a font specification */
data/gmt-6.1.1+dfsg/src/pslegend.c:634:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s,%s", size, font); /* Put size, font together for parsing by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pslegend.c:651:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s %s %s %s", txt_a, txt_b, txt_c, txt_d, txt_e, txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:708:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (line, "%*s %*s %s %s %*s %*s %s %[^\n]", symbol, size, txt_b, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:913:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (def_txtcolor, "%s", gmt_putcolor (GMT, GMT->current.setting.font_annot[GMT_PRIMARY].fill.rgb));
data/gmt-6.1.1+dfsg/src/pslegend.c:914:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txtcolor, "%s", gmt_putcolor (GMT, GMT->current.setting.font_annot[GMT_PRIMARY].fill.rgb));
data/gmt-6.1.1+dfsg/src/pslegend.c:952:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s %[^\n]", bar_cpt, bar_gap, bar_height, module_options);
data/gmt-6.1.1+dfsg/src/pslegend.c:953:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bar_modifiers, bar_height); /* Save the entire modifier string */
data/gmt-6.1.1+dfsg/src/pslegend.c:958:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-C%s -O -K -Dx%gi/%gi+w%gi/%s+h+jTC %s --GMT_HISTORY=false", bar_cpt, Ctrl->D.refpoint->x + 0.5 * Ctrl->D.dim[GMT_X], row_base_y, Ctrl->D.dim[GMT_X] - 2 * x_off, bar_modifiers, module_options);
data/gmt-6.1.1+dfsg/src/pslegend.c:975:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txtcolor, def_txtcolor);
data/gmt-6.1.1+dfsg/src/pslegend.c:985:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (&line[2], "%s %s %s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:993:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt_c, txt_b);
data/gmt-6.1.1+dfsg/src/pslegend.c:994:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt_b, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1003:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt_b, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1054:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s", txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1064:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %[^\n]", size, font, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1066:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %[^\n]", font, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1068:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s", gmt_putfont (GMT, &GMT->current.setting.font_title));
data/gmt-6.1.1+dfsg/src/pslegend.c:1070:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp, font); /* Gave a font specification */
data/gmt-6.1.1+dfsg/src/pslegend.c:1075:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s,%s,%s", size, font, txtcolor); /* Put size, font and color together for parsing by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pslegend.c:1089:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s BC %s", gmt_putfont (GMT, &ifont), text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1109:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s", image, size, key);
data/gmt-6.1.1+dfsg/src/pslegend.c:1124:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-O -K %s -Dx%gi/%gi+j%s+w%s --GMT_HISTORY=false", &image[first], x_off, row_base_y, key, size);
data/gmt-6.1.1+dfsg/src/pslegend.c:1138:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %s %[^\n]", size, font, key, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1140:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%s %s %[^\n]", font, key, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1142:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s", gmt_putfont (GMT, &GMT->current.setting.font_label));
data/gmt-6.1.1+dfsg/src/pslegend.c:1144:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp, font); /* Gave a font specification */
data/gmt-6.1.1+dfsg/src/pslegend.c:1149:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s,%s,%s", size, font, txtcolor); /* Put size, font and color together for parsing by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pslegend.c:1180:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s B%s %s", gmt_putfont (GMT, &ifont), key, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1196:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (&line[2], "%s %s %s %s %s %s", txt_a, txt_b, txt_c, txt_d, txt_e, txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:1200:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (r_options, "%s %s", txt_e, txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:1205:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (module_options, txt_d);
data/gmt-6.1.1+dfsg/src/pslegend.c:1207:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (r_options, "%s %s", txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/pslegend.c:1210:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (module_options, " %s", txt_d);
data/gmt-6.1.1+dfsg/src/pslegend.c:1211:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (r_options, "%s %s", txt_e, txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:1214:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (r_options, "%s %s", txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/pslegend.c:1215:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (module_options, " %s", txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:1218:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (r_options, "%s %s", txt_d, txt_f);
data/gmt-6.1.1+dfsg/src/pslegend.c:1219:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (module_options, " %s", txt_e);
data/gmt-6.1.1+dfsg/src/pslegend.c:1240:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (mapscale, "x%gi/%gi+c%s+jTC+w%s", Ctrl->D.refpoint->x + 0.5 * Ctrl->D.dim[GMT_X], row_base_y, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:1242:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (mapscale, "x%gi/%gi+c%s/%s+jTC+w%s", Ctrl->D.refpoint->x + 0.5 * Ctrl->D.dim[GMT_X], row_base_y, txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:1244:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s -O -K -L%s", r_options, mapscale);
data/gmt-6.1.1+dfsg/src/pslegend.c:1251:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R%s -J%s -O -K -L%s", GMT->common.R.string, GMT->common.J.string, mapscale);
data/gmt-6.1.1+dfsg/src/pslegend.c:1253:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (module_options[0]) strcat (buffer, module_options);
data/gmt-6.1.1+dfsg/src/pslegend.c:1300:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&line[1], "%s %s %s %s %s %s %s %s %s", xx, yy, size, angle, font, key, lspace, tw, jj);
data/gmt-6.1.1+dfsg/src/pslegend.c:1308:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s,%s,", size, font);
data/gmt-6.1.1+dfsg/src/pslegend.c:1319:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&line[1], "%s %s %s %s %s %s %s %s", xx, yy, tmp, angle, key, lspace, tw, jj);
data/gmt-6.1.1+dfsg/src/pslegend.c:1330:36: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (n == 0 || tmp[0] == '-') sprintf (tmp, "%gp,%d,%s", GMT->current.setting.font_annot[GMT_PRIMARY].size, GMT->current.setting.font_annot[GMT_PRIMARY].id, txtcolor);
data/gmt-6.1.1+dfsg/src/pslegend.c:1341:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s %s %s %s %s %s %s %s", xx, yy, angle, tmp, key, lspace, tw, jj);
data/gmt-6.1.1+dfsg/src/pslegend.c:1354:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (&line[2], "%s %s %s %s %s %s %[^\n]", txt_a, symbol, size, txt_c, txt_d, txt_b, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1391:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int n = sscanf (size, "%[^/]/%[^/]/%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1408:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sub, c);
data/gmt-6.1.1+dfsg/src/pslegend.c:1413:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-Sf%s/%gi%s", B, tlen, sub);
data/gmt-6.1.1+dfsg/src/pslegend.c:1414:54: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (txt_c[0] != '-') {strcat (buffer, " -G"); strcat (buffer, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1415:54: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (txt_d[0] != '-') {strcat (buffer, " -W"); strcat (buffer, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1438:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-S%s", symbol);
data/gmt-6.1.1+dfsg/src/pslegend.c:1439:54: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (txt_d[0] != '-') {strcat (buffer, " -W"); strcat (buffer, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1461:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sub, "%s", symbol);
data/gmt-6.1.1+dfsg/src/pslegend.c:1466:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1483:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1501:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%s", A, B);
data/gmt-6.1.1+dfsg/src/pslegend.c:1513:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sub, "%s%s+jc+e", symbol, &size[i]);
data/gmt-6.1.1+dfsg/src/pslegend.c:1516:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sub, symbol);
data/gmt-6.1.1+dfsg/src/pslegend.c:1527:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else { strcat (sub, "+g"); strcat (sub, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1534:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sub, "+p"); strcat (sub, gmt_putpen (API->GMT, &pen));
data/gmt-6.1.1+dfsg/src/pslegend.c:1541:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%s", A, B);
data/gmt-6.1.1+dfsg/src/pslegend.c:1555:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1572:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1589:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else { strcat (sub, "+g"); strcat (sub, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1591:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else { strcat (sub, "+p"); strcat (sub, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1599:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (size, "%[^,],%[^,],%s", A, B, C);
data/gmt-6.1.1+dfsg/src/pslegend.c:1623:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sprintf (buffer, "-G"); strcat (buffer, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:1624:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buffer, " -W"); strcat (buffer, txt_d);
data/gmt-6.1.1+dfsg/src/pslegend.c:1638:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%gp,%d,%s BL %s", GMT->current.setting.font_annot[GMT_PRIMARY].size, GMT->current.setting.font_annot[GMT_PRIMARY].id, txtcolor, text);
data/gmt-6.1.1+dfsg/src/pslegend.c:1666:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%g %g 0 %gp,%d,%s TL %gi %gi j", col_left_x, row_base_y - d_off, GMT->current.setting.font_annot[GMT_PRIMARY].size, GMT->current.setting.font_annot[GMT_PRIMARY].id, txtcolor, one_line_spacing, Ctrl->D.dim[GMT_X] - 2.0 * Ctrl->C.off[GMT_X]);
data/gmt-6.1.1+dfsg/src/pslegend.c:1682:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scan = sscanf (&line[2], "%s %s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/pslegend.c:1684:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (txt_b, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1741:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R0/%g/0/%g -Jx1i -O -K -N -Sf0.1i %s --GMT_HISTORY=false", GMT->current.proj.rect[XHI], GMT->current.proj.rect[YHI], string);
data/gmt-6.1.1+dfsg/src/pslegend.c:1764:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R0/%g/0/%g -Jx1i -O -K -N -Sqn1 %s --GMT_HISTORY=false", GMT->current.proj.rect[XHI], GMT->current.proj.rect[YHI], string);
data/gmt-6.1.1+dfsg/src/pslegend.c:1788:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R0/%g/0/%g -Jx1i -O -K -N -S %s --PROJ_LENGTH_UNIT=inch --GMT_HISTORY=false", GMT->current.proj.rect[XHI], GMT->current.proj.rect[YHI], string);
data/gmt-6.1.1+dfsg/src/pslegend.c:1811:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R0/%g/0/%g -Jx1i -O -K -N -F+f+j %s --GMT_HISTORY=false", GMT->current.proj.rect[XHI], GMT->current.proj.rect[YHI], string);
data/gmt-6.1.1+dfsg/src/pslegend.c:1840:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R0/%g/0/%g -Jx1i -O -K -N -M -F+a+f+j %s --GMT_HISTORY=false", GMT->current.proj.rect[XHI], GMT->current.proj.rect[YHI], string);
data/gmt-6.1.1+dfsg/src/pslegend.c:1875:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s", API->tmp_dir, dname[id]);
data/gmt-6.1.1+dfsg/src/pslegend.c:1877:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s", dname[id]);
data/gmt-6.1.1+dfsg/src/psrose.c:314:47: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_errors += gmt_M_check_condition (GMT, sscanf (opt->arg, "%[^,],%[^,],%[^,],%s", txt_a, txt_b, txt_c, txt_d) != 4, "Option -L: Expected\n\t-L<westlabel>,<eastlabel>,<southlabel>,<northlabel>\n");
data/gmt-6.1.1+dfsg/src/psrose.c:316:47: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_errors += gmt_M_check_condition (GMT, sscanf (opt->arg, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d) != 4, "Option -L: Expected\n\t-L<westlabel>/<eastlabel>/<southlabel>/<northlabel>\n");
data/gmt-6.1.1+dfsg/src/psrose.c:328:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/psrose.c:355:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (opt->arg, "%[^+]%s", txt_a, txt_b); /* txt_a should be symbols size with any +<modifiers> in txt_b */
data/gmt-6.1.1+dfsg/src/psrose.c:661:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Info for data: n = %% " PRIu64 " mean az = %s mean r = %s mean resultant length = %s max %s = %s scaled mean r = %s linear length sum = %s sign@%%.2f = %%d\n",
data/gmt-6.1.1+dfsg/src/psrose.c:1087:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%s", GMT->current.language.cardinal_name[2][0]); Ctrl->L.w = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1088:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%s", GMT->current.language.cardinal_name[2][1]); Ctrl->L.e = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1092:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "0%s", GMT->current.language.cardinal_name[2][3]); Ctrl->L.w = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1093:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "180%s", GMT->current.language.cardinal_name[2][2]); Ctrl->L.e = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1094:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%s", GMT->current.language.cardinal_name[2][1]); Ctrl->L.n = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1099:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%c%s", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol], GMT->current.language.cardinal_name[2][0]); Ctrl->L.w = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1100:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%c%s", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol], GMT->current.language.cardinal_name[2][1]); Ctrl->L.e = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1104:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "0%c%s", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol], GMT->current.language.cardinal_name[2][3]); Ctrl->L.w = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1105:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "180%c%s", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol], GMT->current.language.cardinal_name[2][2]); Ctrl->L.e = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1106:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "90%c%s", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol], GMT->current.language.cardinal_name[2][1]); Ctrl->L.n = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1120:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, x);
data/gmt-6.1.1+dfsg/src/psrose.c:1135:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, GMT->current.map.frame.axis[GMT_X].item[GMT_GRID_UPPER].interval, GMT->current.map.frame.axis[GMT_X].label);
data/gmt-6.1.1+dfsg/src/psrose.c:1138:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, GMT->current.map.frame.axis[GMT_X].item[GMT_GRID_UPPER].interval);
data/gmt-6.1.1+dfsg/src/psscale.c:314:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/psscale.c:323:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/psscale.c:382:39: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'g': strcat (extra, "+"); strcat (extra, p); break; /* Fill */
data/gmt-6.1.1+dfsg/src/psscale.c:383:39: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
case 'p': strcat (extra, "+"); strcat (extra, p); break; /* Pen */
data/gmt-6.1.1+dfsg/src/psscale.c:389:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (extra, p);
data/gmt-6.1.1+dfsg/src/psscale.c:524:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (Ctrl->D.refpoint->args, "%[^/]/%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d, txt_e);
data/gmt-6.1.1+dfsg/src/psscale.c:608:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (new_format, "%s%s", format, &text[1]);
data/gmt-6.1.1+dfsg/src/psscale.c:610:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (new_format, "%s %s", format, text);
data/gmt-6.1.1+dfsg/src/psscale.c:611:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (format, new_format);
data/gmt-6.1.1+dfsg/src/psscale.c:728:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, z);
data/gmt-6.1.1+dfsg/src/psscale.c:790:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s%c%s", format, endash, format);
data/gmt-6.1.1+dfsg/src/psscale.c:1174:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, P->data[i].z_low, P->data[i].z_high);
data/gmt-6.1.1+dfsg/src/psscale.c:1408:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (GMT->current.map.frame.axis[GMT_Y].label, label);
data/gmt-6.1.1+dfsg/src/psscale.c:1460:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, P->data[i].z_low, P->data[i].z_high);
data/gmt-6.1.1+dfsg/src/psscale.c:1470:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, format, P->data[i].z_low);
data/gmt-6.1.1+dfsg/src/pssolar.c:539:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s terminator", terms[n]);
data/gmt-6.1.1+dfsg/src/psternary.c:173:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (opt->arg, "%[^/]/%[^/]/%s", Ctrl->L.vlabel[GMT_X], Ctrl->L.vlabel[GMT_Y], Ctrl->L.vlabel[GMT_Z]);
data/gmt-6.1.1+dfsg/src/psternary.c:255:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "a%s", bopt->arg); /* Turn -B<arg> to -Ba<arg> */
data/gmt-6.1.1+dfsg/src/psternary.c:487:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R%g/%g/0/1 -JX%gi/%gi -O -K -B%c \"-B%s\"", wesn_orig[2*k], wesn_orig[2*k+1], sign[k]*width, height, code, psternary_get_B_setting (boptions[k]));
data/gmt-6.1.1+dfsg/src/psternary.c:507:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R0/1/0/1 -JX%gi/%gi -O -K -B+n -By%s", width, height, g);
data/gmt-6.1.1+dfsg/src/psternary.c:531:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R0/1/0/1 -JX%gi -O -K -S%s %s", width, Ctrl->S.string, vfile);
data/gmt-6.1.1+dfsg/src/psternary.c:532:65: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->C.active) {strcat (cmd, " -C"); if (Ctrl->C.string) strcat (cmd, Ctrl->C.string);}
data/gmt-6.1.1+dfsg/src/psternary.c:533:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else if (Ctrl->G.active) {strcat (cmd, " -G"); strcat (cmd, Ctrl->G.string);}
data/gmt-6.1.1+dfsg/src/psternary.c:534:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Ctrl->W.active) {strcat (cmd, " -W"); strcat (cmd, Ctrl->W.string);}
data/gmt-6.1.1+dfsg/src/pstext.c:244:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (buffer, "%s %s %s %s %s %s %s\n", size, angle, font, just, spacing, width, pjust);
data/gmt-6.1.1+dfsg/src/pstext.c:248:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (buffer, "%s %s %s %s %[^\n]", size, angle, font, just, txt);
data/gmt-6.1.1+dfsg/src/pstext.c:410:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/pstext.c:432:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf (&opt->arg[k], "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/pstext.c:681:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buffer, &record[pos]);
data/gmt-6.1.1+dfsg/src/pstext.c:839:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, Ctrl->F.text); /* Since we may need to do some replacements below */
data/gmt-6.1.1+dfsg/src/pstext.c:1000:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nscan += sscanf (buffer, "%s %lf %s %s %s %s %s\n", this_size, &T.paragraph_angle, this_font, just_key, txt_a, txt_b, pjust_key);
data/gmt-6.1.1+dfsg/src/pstext.c:1005:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_f, "%s,%s,", this_size, this_font); /* Merge size and font to be parsed by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pstext.c:1033:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nscan += sscanf (in_txt, "%s %s %s\n", txt_a, txt_b, pjust_key);
data/gmt-6.1.1+dfsg/src/pstext.c:1099:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (paragraph, line);
data/gmt-6.1.1+dfsg/src/pstext.c:1131:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nscan += sscanf (line, "%s %lf %s %s %[^\n]\n", this_size, &T.paragraph_angle, this_font, just_key, text);
data/gmt-6.1.1+dfsg/src/pstext.c:1133:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_f, "%s,%s,", this_size, this_font); /* Merge size and font to be parsed by gmt_getfont */
data/gmt-6.1.1+dfsg/src/pstext.c:1180:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (label, GMT->current.io.segment_header);
data/gmt-6.1.1+dfsg/src/pstext.c:1189:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, Ctrl->F.text); /* Since we may need to do some replacements below */
data/gmt-6.1.1+dfsg/src/pstext.c:1197:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, Ctrl->F.text, in[z_col]);
data/gmt-6.1.1+dfsg/src/pswiggle.c:200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt, "%g %s", length, units);
data/gmt-6.1.1+dfsg/src/pswiggle.c:305:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_a, "d%s", &opt->arg[1]);
data/gmt-6.1.1+dfsg/src/pswiggle.c:307:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_a, "D%sk", opt->arg); /* Hardwired to be km */
data/gmt-6.1.1+dfsg/src/pswiggle.c:309:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_a, "d%s", opt->arg); /* Cartesian */
data/gmt-6.1.1+dfsg/src/psxy.c:310:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file, "%s/GMT_symbol%d.def", GMT->parent->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psxy.c:342:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R%g/%g/%g/%g -Jx1i -O -K -S%c%s %s --GMT_HISTORY=false", GMT->current.proj.rect[XLO], GMT->current.proj.rect[XHI],
data/gmt-6.1.1+dfsg/src/psxy.c:355:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_file2, "%s/GMT_symbol%d.txt", GMT->parent->tmp_dir, (int)getpid());
data/gmt-6.1.1+dfsg/src/psxy.c:358:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "-R -J -O -K -SK%s %s", tmp_file, tmp_file2);
data/gmt-6.1.1+dfsg/src/psxy.c:680:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((j = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b)) < 1) {
data/gmt-6.1.1+dfsg/src/psxy.c:2027:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S.D.fill[0]) strcat (s_args, S.D.fill); /* Set specific fill */
data/gmt-6.1.1+dfsg/src/psxy.c:2029:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (S.D.pen[0]) strcat (s_args, S.D.pen); /* Set specific outline */
data/gmt-6.1.1+dfsg/src/psxyz.c:363:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (opt->arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c)) < 2) {
data/gmt-6.1.1+dfsg/src/sample1d.c:259:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s", opt->arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:261:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s/-", opt->arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:300:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, i_arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:303:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%s", i_arg);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:171:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "usage: script2verbatim [--strip-comments] [--ps2pdf] input output\n");
data/gmt-6.1.1+dfsg/src/script2verbatim.c:176:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "error opening input file %s.\n", argv[argc-2]);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:181:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "error opening output file %s.\n", argv[argc-1]);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:191:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "line %d too long: %s\n", line_num, line);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:205:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, FAILURE_PREFIX "error: did not reach eof.\n");
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:292:76: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->T.active && Ctrl->T.file && access (Ctrl->T.file, R_OK),
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:277:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b) == 2) {
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:320:76: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->T.active && Ctrl->T.file && access (Ctrl->T.file, R_OK), "SCannot file file %s\n", Ctrl->T.file);
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:554:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (line, GMT->current.setting.format_float_out, Ctrl->N.d_value);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:658:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[2], "%[^/]/%[^/]/%s", txt, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:785:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[1], "%[^/]/%[^/]/%s", txt, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:958:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scanned = sscanf (In->text, "%s %s %[^\n]s\n", Xstring, Ystring, event_title);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:453:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&opt->arg[1], "%[^/]/%[^/]/%s", txt, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:626:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_scanned = sscanf (In->text, "%s %s %[^\n]s\n", Xstring, Ystring, event_title);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:227:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&c[1], "%[^/]/%[^/]/%[^/]/%s", txt_a, txt_b, txt_c, txt_d);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:365:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&p[2], "%[^+]%s", txt_a, txt_b); /* txt_a should be symbols size with any +<modifiers> in txt_b */
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:383:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(opt->arg, "%[^+]%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:573:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (In->text, "%s %s %s %s %lf %lf %c %lf", col[0], col[1], col[2], stacode, &azimut, &ih, col[3], &azS);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:579:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (In->text, "%s %s %s %s %lf %lf %s", col[0], col[1], col[2], stacode, &azimut, &ih, col[3]);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:585:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (In->text, "%s %lf %lf %c %lf", stacode, &azimut, &ih, &pol, &azS);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:590:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (In->text, "%s %lf %lf %c", stacode, &azimut, &ih, &pol);
data/gmt-6.1.1+dfsg/src/seis/pssac.c:245:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((j = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b)) < 1) {
data/gmt-6.1.1+dfsg/src/seis/pssac.c:295:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
j = sscanf(opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/seis/pssac.c:553:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nr = sscanf (In->text, "%s %lf %lf %s", file, &x, &y, pen);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:263:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "X var: %s X pow: %s ratio: %s Y var: %s Y pow: %s ratio: %s\n",
data/gmt-6.1.1+dfsg/src/spectrum1d.c:307:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.xpower", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:324:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.ypower", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:340:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.cpower", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:356:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.npower", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:372:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.gain", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:396:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.admit", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:411:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.phase", namestem);
data/gmt-6.1.1+dfsg/src/spectrum1d.c:427:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.coh", namestem);
data/gmt-6.1.1+dfsg/src/sph2grd.c:160:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (&opt->arg[k], "%[^/]/%[^/]/%[^/]/%s", A, B, D, E);
data/gmt-6.1.1+dfsg/src/sphinterpolate.c:80:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
m = sscanf (arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:132:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Triangle: %" PRIu64 " %" PRIu64 "-%" PRIu64 "-%" PRIu64 " Area: %g -Z%" PRIu64,
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:136:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Triangle: %" PRIu64 " -Z%" PRIu64, k, k);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:192:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Arc: %" PRIu64 "-%" PRIu64 " Length: %g -Z%" PRIu64, arc[i].begin, arc[i].end, dist, i);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:195:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Arc: %" PRIu64 "-%" PRIu64 " -Z%" PRIu64, arc[i].begin, arc[i].end, i);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:313:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Pol: %" PRIu64 " %g %g Area: %g -Z%" PRIu64, node, lon[node], lat[node], area_km2, node);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:316:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Pol: %" PRIu64 " %g %g -Z%" PRIu64, node, lon[node], lat[node], node);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:361:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Arc: %" PRIu64 "-%" PRIu64 " Length: %g -Z%" PRIu64, arc[i].begin, arc[i].end, dist, i);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:364:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (segment_header, "Arc: %" PRIu64 "-%" PRIu64 " -Z%" PRIu64, arc[i].begin, arc[i].end, i);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:684:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "sphtriangulate %s output via STRPACK", tmode[Ctrl->Q.mode]);
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:686:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (header, (Ctrl->T.active) ? ". Arc lengths in " : ". Areas in ");
data/gmt-6.1.1+dfsg/src/splitxyz.c:237:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_a, "D%sk", opt->arg); /* Hardwired to be km */
data/gmt-6.1.1+dfsg/src/splitxyz.c:239:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (txt_a, "d%s", opt->arg); /* Cartesian */
data/gmt-6.1.1+dfsg/src/splitxyz.c:586:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (header, "Profile %" PRIu64" -I%" PRIu64, seg, seg);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:230:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (opt->arg, "%[^/]/%s", txt_a, txt_b);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:455:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -M%g -Fs ->%s", Ctrl->E.rot.file, Ctrl->M.value, tmpfile);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:608:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (GMT->current.io.segment_header, "%s %s %g %g -L%" PRIu64, type, dir, in[GMT_X], in[GMT_Y], n_points);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:611:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GMT->current.io.segment_header, "%s %s %g %g", type, dir, in[GMT_X], in[GMT_Y]);
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:525:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, Ctrl->G.file, tag[Ctrl->S.mode[k]]);
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:187:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_items = sscanf (opt->arg, "%[^/]/%[^/]/%[^/]/%s", txt[0], txt[1], txt[2], txt[3]);
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:254:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (opt->arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:575:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (dfile, Ctrl->D.file, Ctrl->T.value[t]);
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:703:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (gfile, Ctrl->G.file, Ctrl->T.value[t]);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:332:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (opt->arg, R_OK)) { /* The file exists */
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:861:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (file, format, layer);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:418:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s_drift.txt", hotspot[spot].h->abbrev);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:426:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, file); /* Prepend path to drift file name */
data/gmt-6.1.1+dfsg/src/spotter/originater.c:451:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt1, "%s%s%s%s%s%s%s%s%%s", GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out,
data/gmt-6.1.1+dfsg/src/spotter/originater.c:455:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt2, "%s%%d%s%%d%s%s%s%s", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:457:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt2, "%s%%s%s%%d%s%s%s%s", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:670:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, fmt2, hot[spot].h->id, hot[spot].stage, hot[spot].np_time, hot[spot].np_dist);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:672:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, fmt2, hot[spot].h->abbrev, hot[spot].stage, hot[spot].np_time, hot[spot].np_dist);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:673:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, buffer);
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:186:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((n = sscanf (&opt->arg[1], "%[^/]/%s", txt_a, txt_b)) != 2) {
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:393:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "Great circle: Center = %g/%g and pole is %g/%g -I%s", mlon, mlat, glon, glat, label[d]);
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:318:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "-%c%s", opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:477:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "plateid%stime%slatitude%slongitude%sangle%sfixedplateid\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, \
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "longitude%slatitude%sangle(deg)\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:482:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "longitude%slatitude%s%s%sangle(deg)\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, time_text[Ctrl->A.active], GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:485:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (record, "longitude%slatitude%s%s%s%s%sangle(deg)\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, start_text[Ctrl->A.active], GMT->current.setting.io_col_separator, end_text[Ctrl->A.active], GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/spotter/rotsmoother.c:193:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (opt->arg, "%[^/]/%[^/]/%s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:341:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (file, "%[^-]-%s", A, B) != 2) return (false);
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:424:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (file, "%[^-]-%s", A, B);
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:447:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((nf = sscanf (buffer, "%d\t%s\t%[^\n]", &id, txt, comment)) < 3) continue;
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:634:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n = sscanf (buffer, "%lf %lf %s %d %lf %lf %lf %c %c %c %s",
data/gmt-6.1.1+dfsg/src/subplot.c:347:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (Ctrl->A.format, add);
data/gmt-6.1.1+dfsg/src/subplot.c:769:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt_%d.ps-", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:770:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, F_OK)) { /* Plot file already exists, so enter overlay mode if -X -Y are not set */
data/gmt-6.1.1+dfsg/src/subplot.c:784:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplot.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:785:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, F_OK)) { /* Subplot information file already exists, two begin subplot commands? */
data/gmt-6.1.1+dfsg/src/subplot.c:925:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (report, txt);
data/gmt-6.1.1+dfsg/src/subplot.c:939:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (report, txt);
data/gmt-6.1.1+dfsg/src/subplot.c:1129:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, Ctrl->A.format, roman);
data/gmt-6.1.1+dfsg/src/subplot.c:1132:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, Ctrl->A.format, Ctrl->A.nstart + k);
data/gmt-6.1.1+dfsg/src/subplot.c:1135:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (fp, Ctrl->A.format, Ctrl->A.cstart + k);
data/gmt-6.1.1+dfsg/src/subplot.c:1163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplotorder.%d", API->gwf_dir, fig); /* File with dimensions and ordering */
data/gmt-6.1.1+dfsg/src/subplot.c:1194:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Bopt, " -B+g%s -B0 --MAP_FRAME_PEN=%s", Ctrl->F.fill, Ctrl->F.pen);
data/gmt-6.1.1+dfsg/src/subplot.c:1196:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Bopt, " -B+g%s", Ctrl->F.fill);
data/gmt-6.1.1+dfsg/src/subplot.c:1198:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (Bopt, " -B0 --MAP_FRAME_PEN=%s", Ctrl->F.pen);
data/gmt-6.1.1+dfsg/src/subplot.c:1218:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "-R0/%g/0/%g -Jx1i -N -F+jBC+f%s %s -X%c%gi -Y%c%gi --GMT_HISTORY=false",
data/gmt-6.1.1+dfsg/src/subplot.c:1220:24: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Bopt[0] == ' ') strcat (command, Bopt); /* The -B was set above, so include it in the command */
data/gmt-6.1.1+dfsg/src/subplot.c:1229:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (Bopt[0]) strcat (command, Bopt); /* The -B was set above, so include it in the command */
data/gmt-6.1.1+dfsg/src/subplot.c:1246:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "-R0/%g/0/%g -Jx1i -W%s %s --GMT_HISTORY=false", Ctrl->F.dim[GMT_X] + GMT->current.setting.map_origin[GMT_X], Ctrl->F.dim[GMT_Y] + GMT->current.setting.map_origin[GMT_Y], Ctrl->F.Lpen, vfile);
data/gmt-6.1.1+dfsg/src/subplot.c:1253:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplotdebug.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:1356:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplot.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:1358:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplotorder.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:1360:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.panel.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:1363:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/gmt.subplotdebug.%d", API->gwf_dir, fig);
data/gmt-6.1.1+dfsg/src/subplot.c:1364:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (file, R_OK)) { /* Yes, must draw debug lines on top */
data/gmt-6.1.1+dfsg/src/subplot.c:1371:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (command, "-R%s -Jx1i %s -L -Wfaint,red -Xa0i -Ya0i --GMT_HISTORY=false", D->table[0]->header[0], vfile);
data/gmt-6.1.1+dfsg/src/surface.c:706:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "No data inside search radius at: %s %s [node set to data mean]\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface.c:814:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%s %s %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface.c:815:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (msg, C->format, (double)C->data[kmin].x, (double)C->data[kmin].y, (double)C->data[kmin].z);
data/gmt-6.1.1+dfsg/src/surface.c:817:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (msg, C->format, (double)C->data[kmax].x, (double)C->data[kmax].y, (double)C->data[kmax].z);
data/gmt-6.1.1+dfsg/src/surface.c:1015:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%%4ld\t%%c\t%%8" PRIu64 "\t%s\t%s\t%%10" PRIu64 "\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface.c:1152:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format,"\t%%8ld\t%%8ld\t%s\t%s\t%s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface.c:1323:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (region, "-R%s/", buffer);
data/gmt-6.1.1+dfsg/src/surface.c:1325:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface.c:1327:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface.c:1329:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer);
data/gmt-6.1.1+dfsg/src/surface.c:1435:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname1, "%s.int", file);
data/gmt-6.1.1+dfsg/src/surface.c:1436:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname2, "%s.final", file);
data/gmt-6.1.1+dfsg/src/surface.c:1938:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C.format, "Grid domain: W: %s E: %s S: %s N: %s n_columns: %%d n_rows: %%d [", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface.c:2110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -R%g/%g/%g/%g -I%g/%g -NNaN/1/1 -S%s -V%c --GMT_HISTORY=false",
data/gmt-6.1.1+dfsg/src/surface_experimental.c:848:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "No data inside search radius at: %s %s [node set to data mean]\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:957:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%s %s %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:958:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (msg, C->format, (double)C->data[kmin].x, (double)C->data[kmin].y, (double)C->data[kmin].z);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:960:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (msg, C->format, (double)C->data[kmax].x, (double)C->data[kmax].y, (double)C->data[kmax].z);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1201:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%%4ld\t%%c\t%%8" PRIu64 "\t%s\t%s\t%%10" PRIu64 "\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1216:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s_%7.7d_%s_%d.nc", debug_prefix, (int)iteration_count, mode_name[mode], C->current_stride);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1313:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s_%7.7d_%s_%d.nc", debug_prefix, (int)iteration_count, mode_name[mode], C->current_stride);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1413:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format,"\t%%8ld\t%%8ld\t%s\t%s\t%s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1614:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (region, "-R%s/", buffer);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1616:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1618:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1620:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1729:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname1, "%s.int", file);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1730:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname2, "%s.final", file);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2031:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (debug_prefix, &opt->arg[k]);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2257:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C.format, "Grid domain: W: %s E: %s S: %s N: %s n_columns: %%d n_rows: %%d [", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2460:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -G%s -R%g/%g/%g/%g -I%g/%g -NNaN/1/1 -S%s -V%c --GMT_HISTORY=false", input, mask, wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI],
data/gmt-6.1.1+dfsg/src/surface_old.c:559:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "No data inside search radius at: %s %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_old.c:675:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%s %s %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_old.c:831:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format, "%%4ld\t%%c\t%%8" PRIu64 "\t%s\t%s\t%%10" PRIu64 "\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_old.c:1182:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C->format,"\t%%8ld\t%%8ld\t%s\t%s\t%s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/surface_old.c:1359:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (region, "-R%s/", buffer);
data/gmt-6.1.1+dfsg/src/surface_old.c:1361:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_old.c:1363:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_old.c:1365:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (region, buffer);
data/gmt-6.1.1+dfsg/src/surface_old.c:1818:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (C.format, "Grid domain: W: %s E: %s S: %s N: %s n_columns: %%d n_rows: %%d [", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/test_JL.c:24:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-sa %s -Gtopo.nc ->%s", input, output);
data/gmt-6.1.1+dfsg/src/test_JL.c:42:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-sa %s -Gtopo.nc ->%s", input, output);
data/gmt-6.1.1+dfsg/src/test_example1.c:20:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-R0/7/0/7 -I0.2 -D1 -St0.3 %s -G%s", input, output);
data/gmt-6.1.1+dfsg/src/test_walter.c:50:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-G%s %s -nl > %s", grid, input, output);
data/gmt-6.1.1+dfsg/src/testapi_imageshading.c:17:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JX6i -P -Baf -Cgeo -I+d", input);
data/gmt-6.1.1+dfsg/src/testapi_imageshading.c:19:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JX6i -P -Baf -Cgeo", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix.c:20:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-sa %s -Gtopo.nc ->%s", input, output);
data/gmt-6.1.1+dfsg/src/testapi_matrix.c:31:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-R3/9/50/54 -JM6i -P -Baf -W0.5p %s ->apimat.ps", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360.c:24:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -Rg -JH0/6i -Bg30 -K -Cgeo -P", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360.c:28:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R -JH98.7/6i -Bg30 -K -Cgeo -O -Y3.25i", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360.c:32:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R -JH180/6i -Bg30 -O -Cgeo -Y3.25i", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360_ref.c:24:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -Rg -JH0/6i -Bg30 -K -Cgeo -P", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360_ref.c:28:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R -JH98.7/6i -Bg30 -K -Cgeo -O -Y3.25i", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_360_ref.c:32:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R -JH180/6i -Bg30 -O -Cgeo -Y3.25i", input);
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:28:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args_g, "%s -C", input_g);
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:31:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args_g, "%s -R-1/3/-1/3 -JX6c -Baf -BWSen+tGridline -K -P > api_matrix_as_grid.ps", input_g);
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:41:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args_p, "%s -C", input_p);
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:44:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args_p, "%s -R-1/3/-1/3 -JX6c -Baf -BWSen+tPixel -O -X8c >> api_matrix_as_grid.ps", input_p);
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:48:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args_g, "%s -R0/1/0/1 -Goutput.nc", input_g);
data/gmt-6.1.1+dfsg/src/testapi_matrix_plot.c:17:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JM6i -P -Baf -Ei -I+d", input);
data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c:34:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R0/5/0/5 -JX5i -P -Baf -Sc0.1i -Gred -K > testapi_mixmatrix.ps", input);
data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c:40:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -R -J -O -F+f14p+jLB -DJ0.1i >> testapi_mixmatrix.ps", input);
data/gmt-6.1.1+dfsg/src/testapi_userdataset.c:212:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s 10 MUL 1 ADD = %s", input, output);
data/gmt-6.1.1+dfsg/src/testapi_usergrid.c:235:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s 10 MUL 1 ADD = %s", input, output);
data/gmt-6.1.1+dfsg/src/testapi_uservectors.c:243:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s 10 MUL 1 ADD = %s", input, output);
data/gmt-6.1.1+dfsg/src/testapi_vector.c:23:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-sa %s -Gtopo.nc ->%s", input, output);
data/gmt-6.1.1+dfsg/src/testapi_vector.c:34:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "-R3/9/50/54 -JM6i -P -Baf -W0.5p %s ->apivec.ps", input);
data/gmt-6.1.1+dfsg/src/testapi_vector_plot.c:23:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JX10c -R0/10/0/10 -Baf -W1p,black+ve0.2c -P", input);
data/gmt-6.1.1+dfsg/src/testapi_vector_strings.c:37:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JX10c -R0/10/0/10 -Baf -F+a+j+f", input);
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:52:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (args, "%s -JX10c -R0/10/0/10 -Baf -F+a+j+f", input);
data/gmt-6.1.1+dfsg/src/testgmtshell.c:51:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
k = sscanf (line, "%s %s %[^\n]", first, module, args);
data/gmt-6.1.1+dfsg/src/testgmtshell.c:57:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system (line);
data/gmt-6.1.1+dfsg/src/testgrdio.c:43:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, format[k], code);
data/gmt-6.1.1+dfsg/src/testpsl.c:41:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R0/20/0/20 -JM6i -P -Gred -K > %s", string); /* Create command for pscoast */
data/gmt-6.1.1+dfsg/src/testpsl.c:50:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "-R -J -O -Baf >> %s", string); /* Create command for psbasemap overlay */
data/gmt-6.1.1+dfsg/src/trend1d.c:726:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format,"Read %%" PRIu64 " data with X values from %s to %s\n", GMT->current.setting.format_float_out, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend1d.c:731:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%d%s%%d%s%s%s%s\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend1d.c:849:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Final model stats: N model parameters %%d. Rank %%d. Chi-Squared: %s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend1d.c:861:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s%s", GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend2d.c:575:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s%s", GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/trend2d.c:631:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%%d%s%%d%s%s%s%s\n", GMT->current.setting.io_col_separator, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator, GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend2d.c:731:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "Final model stats: N model parameters %%d. Rank %%d. Chi-Squared: %s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/trend2d.c:734:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (format, "%s%s", GMT->current.setting.format_float_out, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/triangulate.c:583:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (header, "%s -Z%g", P->header, zpol[seg]);
data/gmt-6.1.1+dfsg/src/triangulate.c:893:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, "Polygon %d-%d-%d -Z%" PRIu64, link[ij], link[ij+1], link[ij+2], i);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:133:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s.gmt", leg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:134:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (geo_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:135:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (leg_path, geo_path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:142:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s/%s.gmt", mgg_path[id], leg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:143:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (geo_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:144:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (leg_path, geo_path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:174:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mgg_path[n_mgg_paths], line);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:242:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (X2SYS_HOME, this);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:256:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s", X2SYS_HOME, fname);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:280:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((k = access (file, mode)) != 0) { /* Not in X2SYS_HOME directory */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:281:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
k = access (fname, mode); /* Try in current directory */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:333:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s/%s.%s", TAG, fname, X2SYS_FMT_EXT);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:335:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (X->separators, "%s\n", GMT_TOKEN_SEPARATORS);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:338:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s/%s.%s", TAG, fname, X2SYS_FMT_EXT_OLD);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:389:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
is = sscanf (line, "%s %c %c %lf %lf %lf %s %s", X->info[i].name, &X->info[i].intype, &yes_no, &X->info[i].nan_proxy, &X->info[i].scale, &X->info[i].offset, X->info[i].format, cardcol);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:665:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:676:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->path, path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:737:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:754:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->path, path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:842:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:851:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->path, MC.path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:915:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (file, fname);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:917:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:926:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->path, MC.path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:970:62: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:977:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, s->info[s->out_order[i]].name);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:980:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->path, path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1031:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "%s", name);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1065:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %lg", name, &this_w) != 2) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1121:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tag_file, "%s/%s.tag", TAG, TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1358:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (track_file, "%s/%s_tracks.d", S->TAG, S->TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1381:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %d %d", name, &id, &flag) != 3) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1420:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (index_file, "%s/%s_index.b", S->TAG, S->TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1548:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s/%s_paths.txt", X2SYS_HOME, S->TAG, S->TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1569:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (x2sys_datadir[n_x2sys_paths], line);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1582:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (x2sys_datadir[n_x2sys_paths], GMT->session.CACHEDIR);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1615:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (track_path, "%s.%s", track, suffix);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1617:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, track);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1625:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s.%s", track, suffix);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1629:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(geo_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1630:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, geo_path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1641:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s/%s.%s", x2sys_datadir[id], track, suffix);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1643:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (geo_path, "%s/%s", x2sys_datadir[id], track);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1645:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (geo_path, R_OK)) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1646:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (track_path, geo_path);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1723:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&line[2], "%*s %*s %s %*s %*s %*s %*s %*s %*s %*s %s", kind, txt); /* Get first column name after lon/x etc */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1759:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s %%s %%s %%s %%s %%s %%s %%s %%s %%s"); /* The standard 10 items up front */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1777:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
n_items = sscanf (&line[2], "%s %d %s %d %s %s", trk[0], &year[0], trk[1], &year[1], info[0], info[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1826:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (P[p].trk[k], trk[k]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1858:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (line, fmt, x_txt, y_txt, t_txt[0], t_txt[1], d_txt[0], d_txt[1], h_txt[0], h_txt[1], v_txt[0], v_txt[1], z_txt[0], z_txt[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:2037:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path, "%s/%s/%s_corrections.txt", X2SYS_HOME, S->TAG, S->TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:2038:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (path, R_OK)) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_binlist.c:268:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (proj, "Y%g/%s/360", mid, EA_LAT);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_binlist.c:323:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, " %s", Ctrl->T.TAG); /* Preserve the leading space for backwards compatibility */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:494:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, "%s %s", name1, name2) != 2) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:758:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s - %s", trk_name[A], trk_name[B]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:934:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "Tag: %s", Ctrl->T.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:937:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "Command: %s %s", THIS_MODULE_CLASSIC_NAME, cmd); /* Build command line argument string */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:940:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s%s%s%s%c_1%s%c_2%sdist_1%sdist_2%shead_1%shead_2%svel_1%svel_2",
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:945:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (item, "%s%s_1%s%s_2", c, s->info[s->out_order[col]].name, c, s->info[s->out_order[col]].name);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:947:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (item, "%s%s_X%s%s_M", c, s->info[s->out_order[col]].name, c, s->info[s->out_order[col]].name);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:948:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, item);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:968:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s/%s/%g %s/%s/%g", l_start[SET_A], stop[SET_A], dist[SET_A][n_rec[SET_A]-1], l_start[SET_B], stop[SET_B], dist[SET_B][n_rec[SET_B]-1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:969:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (line, x2sys_header, trk_name[A], data_set[SET_A].year, trk_name[B], data_set[SET_B].year, info);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:194:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s/%s.%s.adj", DIR, TAG, track, column);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:492:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GMT->current.io.segment_header, "%s\n", trk_name[trk_no]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:545:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (text, s->info[s->out_order[ocol]].format, out[ocol]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:547:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (ocol) strcat (fmt_record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:548:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fmt_record, text);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:405:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s%s%s\n", B.head[id1].trackname, GMT->current.setting.io_col_separator, B.head[id2].trackname);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:407:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s%s%s\n", B.head[id2].trackname, GMT->current.setting.io_col_separator, B.head[id1].trackname);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:426:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "Search command: %s", THIS_MODULE_CLASSIC_NAME);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:428:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(opt->option == GMT_OPT_INFILE) ? sprintf (text, " %s", opt->arg) : sprintf (text, " -%c%s", opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:428:74: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(opt->option == GMT_OPT_INFILE) ? sprintf (text, " %s", opt->arg) : sprintf (text, " -%c%s", opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:429:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, text);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:432:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "track_ID%s", GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:434:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s%s", s->info[ii].name, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:435:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, text);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:437:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, s->info[s->n_fields-1].name);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:443:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s.%s", B.head[kk].trackname, s->suffix);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:446:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:307:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (def_file, "%s.%s", Ctrl->D.file, X2SYS_FMT_EXT);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:308:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (def_file, R_OK)) { /* No such local *.fmt file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:311:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (def_file, "%s.%s", Ctrl->D.file, X2SYS_FMT_EXT_OLD);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:312:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (def_file, R_OK)) { /* No such local *.def file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:349:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tag_file, "%s/%s.tag", Ctrl->In.TAG, Ctrl->In.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:350:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (def_file, "%s/%s.%s", Ctrl->In.TAG, &Ctrl->D.file[d_start], X2SYS_FMT_EXT);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:351:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (path_file, "%s/%s_paths.txt", Ctrl->In.TAG, Ctrl->In.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:352:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (track_file, "%s/%s_tracks.d", Ctrl->In.TAG, Ctrl->In.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:353:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (bin_file, "%s/%s_index.b", Ctrl->In.TAG, Ctrl->In.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:525:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "Tag: %s %s", Ctrl->T.TAG, Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:528:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "Command: %s %s", THIS_MODULE_CLASSIC_NAME, cmd); /* Build command line argument string */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:534:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (i > 0) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:540:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, Ctrl->C.col); strcat (record, "_x");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:544:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "dist_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "dist_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:551:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "head_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "head_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:564:32: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "ID_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "ID_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:571:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "t_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "t_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:578:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "T_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "T_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:585:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "vel_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "vel_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:601:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, Ctrl->C.col); strcat (record, "_1"); strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:601:60: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, Ctrl->C.col); strcat (record, "_1"); strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:602:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, Ctrl->C.col); strcat (record, "_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:605:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:610:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (i > 0) strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:612:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, "track_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "track_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:635:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "%s - %s nx = %d", P[p].trk[0], P[p].trk[1], P[p].nx);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:726:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (record, P[p].trk[0]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:727:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:728:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (record, P[p].trk[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:731:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (record, P[p].trk[two]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:122:61: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->A.active && !access (Ctrl->A.file, F_OK), "Unable to find crossover file %s\n", Ctrl->A.file);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:123:61: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
n_errors += gmt_M_check_condition (GMT, Ctrl->M.active && !access (Ctrl->M.file, F_OK), "Unable to find crossover file %s\n", Ctrl->M.file);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:274:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (line, "> %s", track);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:354:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (track_file, "%s/%s_tracks.d", Ctrl->T.TAG, Ctrl->T.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:355:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (index_file, "%s/%s_index.b", Ctrl->T.TAG, Ctrl->T.TAG);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:366:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (old_track_path, F_OK)) { /* First delete old file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:374:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (track_path, F_OK)) { /* Next rename current file (if it exists) to the old file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:382:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (old_index_path, F_OK)) { /* First delete old file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:389:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access (index_path, F_OK)) { /* Next rename current file (if it exists) to the old file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:374:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "Tag: %s %s", Ctrl->T.TAG, Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:376:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "Command: %s", THIS_MODULE_CLASSIC_NAME);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:390:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (word, "-%c%s", opt->option, opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:397:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (record, "track%sN%smean%sstdev%srms%sweight[%" PRIu64 "]", c, c, c, c, c, n_use);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:402:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "TOTAL%%s%%" PRIu64 "%%s%s%%s%s%%s%s%%s1",
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:405:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, fmt, c, Tnx, c, Tmean, c, Tstdev, c, Trms, c);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:407:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmt, "%%s%%s%%" PRIu64 "%%s%s%%s%s%%s%s%%s%s",
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:416:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (record, fmt, trk_name[k], c, R[k].nx, c, R[k].mean, c, R[k].stdev, c, R[k].rms, c, R[k].W);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:464:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file, "%s/%s/%s.%s.adj", X2SYS_HOME, Ctrl->T.TAG, trk_name[k], Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:459:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (&GMT->current.io.curr_text[6], "%s %s", file_TAG, file_column);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:487:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((ks = sscanf (In->text, "%s %s", trk[0], trk[1])) != 2) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:640:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(GMT->common.b.active[GMT_IN]) ? sprintf (trk[0], "%" PRIu64, p) : sprintf (trk[0], "%s", trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:640:70: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(GMT->common.b.active[GMT_IN]) ? sprintf (trk[0], "%" PRIu64, p) : sprintf (trk[0], "%s", trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:708:40: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(GMT->common.b.active[GMT_IN]) ? sprintf (trk[0], "%" PRIu64, p) : sprintf (trk[0], "%s", trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:708:74: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(GMT->common.b.active[GMT_IN]) ? sprintf (trk[0], "%" PRIu64, p) : sprintf (trk[0], "%s", trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:832:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(GMT->common.b.active[GMT_IN]) ? sprintf (line, "%" PRIu64, p) : sprintf (line, frmt_name, trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:832:68: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(GMT->common.b.active[GMT_IN]) ? sprintf (line, "%" PRIu64, p) : sprintf (line, frmt_name, trk_list[p]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:834:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:854:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "\t%g*((%s))", 1.0 - var[0], Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:857:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "\t%g\t%g*((%s))", var[0], 1.0 - var[1], Ctrl->C.col);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:860:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, text);
data/gmt-6.1.1+dfsg/src/xyz2grd.c:225:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (arg, "i%s", opt->arg);
data/gmt-6.1.1+dfsg/src/xyz2grd.c:488:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (fscanf (fp, "%s", line) != 1) {
data/gmt-6.1.1+dfsg/src/xyz2grd.c:800:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line, "%s\n", GMT->current.setting.format_float_out);
data/gmt-6.1.1+dfsg/src/xyz2grd.c:801:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(GMT->common.d.active[GMT_IN]) ? sprintf (e_value, GMT->current.setting.format_float_out, GMT->common.d.nan_proxy[GMT_IN]) : sprintf (e_value, "NaN");
data/gmt-6.1.1+dfsg/src/end.c:117:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!((setting = getenv ("GMT_END_SHOW")) && !strcmp (setting, "off")))
data/gmt-6.1.1+dfsg/src/gmt.c:239:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((txt = getenv ("shell")) == NULL) /* Likely not in a csh-type environment, try the Bourne shell environment variable SHELL */
data/gmt-6.1.1+dfsg/src/gmt.c:240:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
txt = getenv ("SHELL"); /* Here txt is either a shell path or NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:917:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((str = getenv ("GMT_SESSION_NAME")) != NULL) { /* GMT_SESSION_NAME was set in the environment */
data/gmt-6.1.1+dfsg/src/gmt_api.c:933:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((str = getenv ("SHELL")) != NULL) { /* GMT_SESSION_NAME was set in the environment */
data/gmt-6.1.1+dfsg/src/gmt_api.c:6853:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dir = getenv ("TEMP"))) /* Standard Windows temp directory designation */
data/gmt-6.1.1+dfsg/src/gmt_api.c:6857:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dir = getenv ("TMPDIR"))) /* Alternate tmp dir for *nix */
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:86:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath (path, result) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:170:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath (candidate, result) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:184:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath (candidate, result) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:196:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv ("PATH");
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:208:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath (candidate_abs, result) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:235:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath (info.dli_fname, result) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:874:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("GDAL_HTTP_UNSAFESSL")) /* The fact that it exist is not enough. It might be from a GMT process only. */
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:875:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
CPLSetConfigOption ("GDAL_HTTP_UNSAFESSL", getenv("GDAL_HTTP_UNSAFESSL"));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:876:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("CURL_CA_BUNDLE")) /* And the same for this one. */
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:877:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
CPLSetConfigOption ("CURL_CA_BUNDLE", getenv("CURL_CA_BUNDLE"));
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3040:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv ("GDAL_HTTP_UNSAFESSL") && !getenv("CURL_CA_BUNDLE"))
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3040:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv ("GDAL_HTTP_UNSAFESSL") && !getenv("CURL_CA_BUNDLE"))
data/gmt-6.1.1+dfsg/src/gmt_init.c:3053:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT6_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT6_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3055:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((this_c = getenv ("GMT5_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT5_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3057:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((this_c = getenv ("GMT_SHAREDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_SHAREDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3083:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("HOME")) != NULL) /* HOME was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3086:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((this_c = getenv ("USERPROFILE")) != NULL) /* USERPROFILE was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3088:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((this_c = getenv ("HOMEPATH")) != NULL) /* HOMEPATH was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3106:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_USERDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_USERDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3126:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_CACHEDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_CACHEDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3147:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_SESSIONDIR")) != NULL && !access (this_c, F_OK|R_OK)) /* GMT_SESSIONDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3180:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_CPTDIR")) != NULL && !access (this_c, F_OK|R_OK)) { /* GMT_CPTDIR was set to a valid directory */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3187:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_DATA_SERVER")) != NULL) /* GMT_DATA_SERVER was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3189:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if ((this_c = getenv ("GMT_DATA_URL")) != NULL) /* GMT_DATA_URL [deprecated in 6.0.0] was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3198:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_DATADIR")) != NULL) { /* GMT_DATADIR was set */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3228:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GMT_TMPDIR")) != NULL) { /* GMT_TMPDIR was set, check it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14196:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *setting = getenv ("GMT_END_SHOW");
data/gmt-6.1.1+dfsg/src/gmt_init.c:16445:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((path1 = getenv ("LOCAL_GDAL_DATA")) != NULL) paths[local_count++] = path1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:16446:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((path2 = getenv ("LOCAL_PROJ_LIB")) != NULL) paths[local_count++] = path2;
data/gmt-6.1.1+dfsg/src/gmt_memory.c:127:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv ("GMT_TRACK_MEMORY"); /* 0: off; any: track; 2: log to file */
data/gmt-6.1.1+dfsg/src/gmt_sharedlibs.c:22:15: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dll_handle = LoadLibrary (module_name);
data/gmt-6.1.1+dfsg/src/gmt_sharedlibs.c:24:16: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dll_handle = LoadLibraryEx (module_name, NULL, 0);
data/gmt-6.1.1+dfsg/src/gmt_stat.c:1607:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (seed);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15419:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (U = getenv ("USERNAME")) /* Got a name from the environment instead */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:124:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("MGD77_HOME")) != NULL) { /* MGD77_HOME was set */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3450:54: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = sharedir) == NULL && search) this_c = getenv ("PSL_SHAREDIR");
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3466:53: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = userdir) == NULL && search) this_c = getenv ("PSL_USERDIR");
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:999:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand ((unsigned int)time(NULL)); /* Initialize random number generator */
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:425:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GPLATES_PLATES"))) {
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:461:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this_c = getenv ("GPLATES_ROTATIONS"))) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:240:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((this = getenv ("X2SYS_HOME")) != NULL) { /* Set user's default path */
data/gmt-6.1.1+dfsg/src/PSL_patterns.h:20:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PSL_pattern[90][512] = {
data/gmt-6.1.1+dfsg/src/batch.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[GMT_LEN8]; /* word separator(s) */
data/gmt-6.1.1+dfsg/src/batch.c:117:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (C->T.sep, " \t"); /* White space */
data/gmt-6.1.1+dfsg/src/batch.c:138:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->x.n_threads = atoi (arg);
data/gmt-6.1.1+dfsg/src/batch.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/batch.c:247:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.job = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/batch.c:273:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((Ctrl->S[k].fp = fopen (Ctrl->S[k].file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:286:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.precision = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/batch.c:289:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.start_job = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/batch.c:366:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (n_errors == 0 && ((Ctrl->I.fp = fopen (Ctrl->I.file, "r")) == NULL)) {
data/gmt-6.1.1+dfsg/src/batch.c:372:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (n_errors == 0 && ((Ctrl->In.fp = fopen (Ctrl->In.file, "r")) == NULL)) {
data/gmt-6.1.1+dfsg/src/batch.c:401:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *extension[3] = {"sh", "csh", "bat"}, *load[3] = {"source", "source", "call"}, var_token[4] = "$$%";
data/gmt-6.1.1+dfsg/src/batch.c:402:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *rmdir[3] = {"rm -rf", "rm -rf", "rd /s /q"}, *export[3] = {"export ", "setenv ", ""};
data/gmt-6.1.1+dfsg/src/batch.c:403:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mvfile[3] = {"mv -f", "mv -f", "move /Y"}, *sc_call[3] = {"bash ", "csh ", "start /B"};
data/gmt-6.1.1+dfsg/src/batch.c:404:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *createfile[3] = {"touch", "touch", "copy /b NUL"}, *rmfile[3] = {"rm -f", "rm -f", "del"};
data/gmt-6.1.1+dfsg/src/batch.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char init_file[PATH_MAX] = {""}, state_tag[GMT_LEN16] = {""}, state_prefix[GMT_LEN64] = {""}, param_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/batch.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pre_file[PATH_MAX] = {""}, post_file[PATH_MAX] = {""}, main_file[PATH_MAX] = {""}, line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/batch.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128] = {""}, cmd[GMT_LEN256] = {""}, cleanup_file[PATH_MAX] = {""}, cwd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/batch.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completion_file[PATH_MAX] = {""}, topdir[PATH_MAX] = {""}, workdir[PATH_MAX] = {""}, datadir[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/batch.c:521:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (init_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:555:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (pre_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:576:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script since we are running these in batch */
data/gmt-6.1.1+dfsg/src/batch.c:623:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}, cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/batch.c:646:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_jobs = atoi (Ctrl->T.file);
data/gmt-6.1.1+dfsg/src/batch.c:657:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (init_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:691:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (post_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:735:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (state_tag, "%*.*d", precision, precision, job);
data/gmt-6.1.1+dfsg/src/batch.c:738:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (param_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:750:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "BATCH_COL%u", col);
data/gmt-6.1.1+dfsg/src/batch.c:761:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "BATCH_WORD%u", col++);
data/gmt-6.1.1+dfsg/src/batch.c:775:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (main_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/batch.c:800:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script */
data/gmt-6.1.1+dfsg/src/batch.c:831:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (cleanup_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/begin.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/begin.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/block_subs.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[BLK_N_FIELDS]; /* Only first is used for commandline but API may need many */
data/gmt-6.1.1+dfsg/src/block_subs.h:136:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *blk_name[BLK_N_ITEMS] =
data/gmt-6.1.1+dfsg/src/blockmean.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/blockmean.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN512] = {""}, *fcode[BLK_N_FIELDS] = {"z", "s", "l", "h", "w", "", "", ""}, *code[BLK_N_FIELDS];
data/gmt-6.1.1+dfsg/src/blockmean.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/blockmean.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *remarks[BLK_N_FIELDS] = {"Mean value per bin", "Standard deviation per bin", "Lowest value per bin",
data/gmt-6.1.1+dfsg/src/blockmean.c:514:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ] = {""}, txt[GMT_LEN16] = {""}, *names[4] = {"\tmean_z", "\tsum_z", "\twsum_z", "\tn_z"};
data/gmt-6.1.1+dfsg/src/blockmean.c:516:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, names[Ctrl->S.mode]); strcat (header, "[2]");
data/gmt-6.1.1+dfsg/src/blockmean.c:517:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->E.active) { strcat (header, "\tstd_z[3]\tlow_z[4]\thigh_z[5]"); k = 6; }
data/gmt-6.1.1+dfsg/src/blockmedian.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/blockmedian.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN512] = {""}, *old_format = NULL, *fcode[BLK_N_FIELDS] = {"z", "s", "l", "q25", "q75", "h", "w", ""}, *code[BLK_N_FIELDS];
data/gmt-6.1.1+dfsg/src/blockmedian.c:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/blockmedian.c:562:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *remarks[BLK_N_FIELDS] = {"Median value per bin", "L1 scale per bin", "Lowest value per bin", "25% quartile", "75% quartile", "Highest value per bin", "Weight per bin"};
data/gmt-6.1.1+dfsg/src/blockmode.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN16] = {""}, p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/blockmode.c:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN512] = {""}, *old_format = NULL, *fcode[BLK_N_FIELDS] = {"z", "s", "l", "h", "w", "", "", ""}, *code[BLK_N_FIELDS];
data/gmt-6.1.1+dfsg/src/blockmode.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/blockmode.c:689:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *remarks[BLK_N_FIELDS] = {"Median value per bin", "L1 scale per bin", "Lowest value per bin", "Highest value per bin", "Weight per bin"};
data/gmt-6.1.1+dfsg/src/blockmode.c:887:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/clear.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/clear.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_dir[PATH_MAX] = {""}, current_d1[PATH_MAX] = {""}, current_d2[PATH_MAX] = {""}, current_d3[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/clear.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del_cmd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/clear.c:162:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(del_cmd, "rmdir /s /q ");
data/gmt-6.1.1+dfsg/src/dimfilter.c:365:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/dimfilter.c:440:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi (&opt->arg[1]); /* Number of sections to split filter into */
data/gmt-6.1.1+dfsg/src/dimfilter.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filter_name[5] = {"Boxcar", "Cosine Arch", "Gaussian", "Median", "Mode"};
data/gmt-6.1.1+dfsg/src/docs.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX] = {""}, view[PATH_MAX] = {""}, URL[PATH_MAX] = {""}, module[GMT_LEN64] = {""}, name[PATH_MAX] = {""}, *t = NULL, *ext = NULL;
data/gmt-6.1.1+dfsg/src/docs.c:72:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *known_group[2] = {"core", "other"};
data/gmt-6.1.1+dfsg/src/docs.c:73:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *known_doc[9] = {"gmtcolors", "cookbook", "api", "tutorial", "gallery", GMT_SETTINGS_FILE, "gmt", "datasets", "index"};
data/gmt-6.1.1+dfsg/src/docs.c:158:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strncmp (ps_viewer, "gv", 2U)) strcat (view, " &"); /* Need to put gv in the background */
data/gmt-6.1.1+dfsg/src/docs.c:252:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/docs.c:287:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[4] = {""};
data/gmt-6.1.1+dfsg/src/figure.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/filter1d.c:336:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/filter1d.c:339:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/fitcircle.c:187:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->L.norm = (opt->arg[0]) ? atoi(opt->arg) : 3;
data/gmt-6.1.1+dfsg/src/fitcircle.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256] = {""}, record[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/fitcircle.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[2] = {"great", "small"}, *way[4] = {"", "L1","L2","L1 and L2"};
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[N_COMPS]; /* Only first is used for commandline but API may need many */
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:1309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, p[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:1477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *code[N_COMPS] = {"e", "n", "v"};
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[4] = {"Remove mean", "Remove 2-D linear trend\n", "Remove mean and normalize data", "Remove 2-D linear trend and normalize data"};
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comp[2] = {"u(x,y)", "v(x,y)"}, *tag[2] = {"u", "v"};
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:974:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("alpha.txt", "w"); /* Save body forces coefficients for debugging purposes */
data/gmt-6.1.1+dfsg/src/geodesy/gpsgridder.c:1142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, symbol, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comment[3] = {"#", "#", "REM"};
data/gmt-6.1.1+dfsg/src/gmt.c:305:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libraries[GMT_LEN128] = {"netCDF"}; /* Always linked with netCDF */
data/gmt-6.1.1+dfsg/src/gmt.c:307:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (libraries, ", GDAL");
data/gmt-6.1.1+dfsg/src/gmt.c:310:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (libraries, ", PCRE");
data/gmt-6.1.1+dfsg/src/gmt.c:313:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (libraries, ", FFTW");
data/gmt-6.1.1+dfsg/src/gmt.c:316:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (libraries, ", LAPACK");
data/gmt-6.1.1+dfsg/src/gmt.c:319:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (libraries, ", ZLIB");
data/gmt-6.1.1+dfsg/src/gmt2kml.c:144:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open;
data/gmt-6.1.1+dfsg/src/gmt2kml.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256] = {""}, p[GMT_LEN256] = {""}, T[4][GMT_LEN64], *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt2kml.c:456:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.col = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:610:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *RefLevel[5] = {"clampToGround", "relativeToGround", "absolute", "relativeToSeaFloor", "clampToSeaFloor"};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char X[GMT_LEN256] = {""}, Y[GMT_LEN256] = {""}, Z[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:734:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *name[2] = {"Wiggle Anomaly", "Positive Anomaly"};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:735:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *feature[5] = {"Point", "Point", "Point", "LineString", "Polygon"};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, description[GMT_BUFSIZ] = {""}, item[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *feature[5] = {"Point", "Point", "Point", "LineString", "Polygon"}, *Document[2] = {"Document", "Folder"};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[5] = {"Point", "Event", "Timespan", "Line", "Polygon"};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:835:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN256] = {""}, record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:930:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%.12g"); /* Make sure we use enough decimals */
data/gmt-6.1.1+dfsg/src/gmt2kml.c:937:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit_name[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt2kml.c:955:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Ctrl->Z.open) gmt2kml_print (API, Out, N, "<open>1</open>");
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1025:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Ctrl->Z.open) gmt2kml_print (API, Out, N, "<open>1</open>");
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1029:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_agc_io.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char floatvalue[PARAMSIZE+1]; /* Allow space for final \0 */
data/gmt-6.1.1+dfsg/src/gmt_api.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_api.c:753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256] = {""}, O, M;
data/gmt-6.1.1+dfsg/src/gmt_api.c:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN128] = {""}, p[GMT_LEN16] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:807:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char not_used[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:915:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *source[4] = {"GMT_SESSION_NAME", "parent", "app", "hardwired choice"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[PATH_MAX] = {""}, plugindir[PATH_MAX] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *extension[1] = {".dll"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:979:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *extension[2] = {".so", ".dylib"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *extension[1] = {".so"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:1032:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (plugindir, "/Debug"); /* The Xcode plugin path for Debug */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1327:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stamp[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:1568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modifier[3] = {'+', '?', 0}; /* We will replace ? with an actual modifier */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1623:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_to_add[family] = (s[k][K_DIR+1] == '+') ? GMTAPI_UNLIMITED : atoi (&s[k][K_DIR+1]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:1910:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *regtype[2] = {"gridline", "pixel"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:2231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bin_mode[3] = { "rb", "rb+", "wb"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:2256:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (mode == 'r' && !R->open) /* First time reading the info */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2258:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (R->open) /* Coming back to update the header */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2265:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (R->open) return (GMT_NOERROR); /* Already set the first time */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2317:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_api.c:2460:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *dir[2] = {"from", "to"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:2461:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *operation[3] = {"Reading", "Writing", "Appending"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:2569:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.filename[direction], "<matrix memory>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:2588:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.filename[direction], "<vector memory>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:3016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cptfile[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:4109:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (I->header->mem_layout, "TRP"); /* Layout use in all PPM files */
data/gmt-6.1.1+dfsg/src/gmt_api.c:5250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char M_file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5272:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5274:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<input stream>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5284:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5286:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<input file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char M_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5532:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg1[2] = {"Writing", "Appending"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5541:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg2[2] = {"create", "append to"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5544:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (&M_file[append], (append) ? "a" : "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:5554:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5556:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5566:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5568:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (M_file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char V_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5685:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg1[2] = {"Writing", "Appending"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5697:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg2[2] = {"create", "append to"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5700:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (&V_file[append], (append) ? "a" : "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:5710:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5712:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5722:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5724:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char V_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:5855:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5857:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<input stream>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5867:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:5869:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (V_file, "<input file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6458:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (tmp_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:6465:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_color[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:6640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_api.c:6769:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_api.c:6771:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mode & GMT_COMMENT_IS_TITLE) strcat (buffer, " Title :");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6773:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " Command : ");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6778:39: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mode & GMT_COMMENT_IS_REMARK) strcat (buffer, " Remark : ");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6779:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mode & GMT_COMMENT_IS_MULTISEG) strcat (buffer, "> ");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:6880:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:7116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256], *file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:7990:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPT_file[PATH_MAX] = {""}, *file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:8023:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *data_type[2] = {"table", "grid"}, *dim_name[2] = {"<n_columns>", "<n_columns>/<n_rows>"}, *trend_type[2] = {"line", "plane"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dim_ref[2] = {"dimension", "dimensions"}, *linear_type[2] = {"linear", "planar"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:10378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *method[2] = {"edge-point", "mirror"}, *comp[2] = {"real", "imaginary"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10570:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mode[GMT_FFT_N_SUGGEST] = {"fastest", "most accurate", "least storage"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10709:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10822:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Out->header->x_units, "xunit^(-1)"); strcpy (Out->header->y_units, "yunit^(-1)");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10822:47: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Out->header->x_units, "xunit^(-1)"); strcpy (Out->header->y_units, "yunit^(-1)");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10824:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Out->header->remark, "Applied fftshift: kx,ky = (0,0) now at (n_columns/2 + 1,n_rows/2");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10852:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (k == 1 && mode) strcpy (Out->header->z_units, "radians");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10929:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char full_name[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:10983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt_module[GMT_LEN64] = "GMT_";
data/gmt-6.1.1+dfsg/src/gmt_api.c:10993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt_module[GMT_LEN256] = {""}; /* To form name of gmt_<lib>_module_show|list_all function */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11017:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt_module[GMT_LEN64] = "gmt";
data/gmt-6.1.1+dfsg/src/gmt_api.c:11042:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char function[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11062:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char function[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt_module[GMT_LEN32] = "gmt";
data/gmt-6.1.1+dfsg/src/gmt_api.c:11118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt_module[GMT_LEN32] = "gmt";
data/gmt-6.1.1+dfsg/src/gmt_api.c:11166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3] = {"+?"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module[GMT_LEN32] = {""}, argument[PATH_MAX] = {""}, strip_colon_opt = 0;
data/gmt-6.1.1+dfsg/src/gmt_api.c:11317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *special_text[3] = {" [satisfies required input]", " [satisfies required output]", ""}, *satisfy = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:11507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[4] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11667:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = {'?',0};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11721:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *omode[2] = {"Primary", "Secondary"};
data/gmt-6.1.1+dfsg/src/gmt_api.c:11843:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%d", API->pad);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11855:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%d", API->n_cores);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11862:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "columns");
data/gmt-6.1.1+dfsg/src/gmt_api.c:11864:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "rows");
data/gmt-6.1.1+dfsg/src/gmt_api.c:11895:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pad = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""}, arg[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:12054:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char not_used[GMT_LEN32];
data/gmt-6.1.1+dfsg/src/gmt_api.c:12137:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (dest, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:12192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, unit, col_set_save[2][2];
data/gmt-6.1.1+dfsg/src/gmt_api.c:13700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_path[PATH_MAX] = {""}, local_path[PATH_MAX] = {""}, was, *file = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_api.c:13802:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xx1[GMT_LEN64] = {""}, xx2[GMT_LEN64] = {""}, yy1[GMT_LEN64] = {""}, yy2[GMT_LEN64] = {""}, line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_api.c:13818:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (API->GMT->current.ps.filename, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:13829:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN16+1] = {""};
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:950:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.year) : sprintf (string, "%04d", calendar.year);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:950:64: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.year) : sprintf (string, "%04d", calendar.year);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:954:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%02d", calendar.year % 100);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:960:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.month) : sprintf (string, "%02d", calendar.month);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:960:65: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.month) : sprintf (string, "%02d", calendar.month);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:966:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.iso_w) : sprintf (string, "%02d", calendar.iso_w);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:966:65: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.iso_w) : sprintf (string, "%02d", calendar.iso_w);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:973:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%d", (calendar.day_w - GMT->current.setting.time_week_start + 7) % 7 + 1);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:981:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.day_y) : sprintf (string, "%03d", calendar.day_y);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:981:66: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.day_y) : sprintf (string, "%03d", calendar.day_y);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:983:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.day_m) : sprintf (string, "%02d", calendar.day_m);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:983:66: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.day_m) : sprintf (string, "%02d", calendar.day_m);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:989:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.hour) : sprintf (string, "%02d", calendar.hour);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:989:64: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.hour) : sprintf (string, "%02d", calendar.hour);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:995:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.min) : sprintf (string, "%02d", calendar.min);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:995:63: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", calendar.min) : sprintf (string, "%02d", calendar.min);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1004:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1013:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", irint(calendar.sec)) : sprintf (string, "%02d", irint(calendar.sec));
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1013:71: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", irint(calendar.sec)) : sprintf (string, "%02d", irint(calendar.sec));
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1017:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1021:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", irint(calendar.sec)) : sprintf (string, "%02d", irint(calendar.sec));
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1021:70: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(P->date.compact) ? sprintf (string, "%d", irint(calendar.sec)) : sprintf (string, "%02d", irint(calendar.sec));
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:1025:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_cdf.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_GRID_COMMAND_LEN320+GMT_GRID_REMARK_LEN160];
data/gmt-6.1.1+dfsg/src/gmt_common.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN128]; /* The symbol label */
data/gmt-6.1.1+dfsg/src/gmt_common.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN128]; /* Header for the whole legend H */
data/gmt-6.1.1+dfsg/src/gmt_common.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subheader[GMT_LEN128]; /* Subheader, i.e., line label L*/
data/gmt-6.1.1+dfsg/src/gmt_common.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font[GMT_LEN32]; /* Fontsize to use for current H or L */
data/gmt-6.1.1+dfsg/src/gmt_common.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN32]; /* Fill of the canvas behind the legend */
data/gmt-6.1.1+dfsg/src/gmt_common.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gap[GMT_LEN32]; /* Move this much down before placing symbol entry */
data/gmt-6.1.1+dfsg/src/gmt_common.h:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char off[GMT_LEN32]; /* Offset of anchor point for frame */
data/gmt-6.1.1+dfsg/src/gmt_common.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[3][GMT_LEN32]; /* Pens to use with +d and +v and +p */
data/gmt-6.1.1+dfsg/src/gmt_common.h:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[2][GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128];
data/gmt-6.1.1+dfsg/src/gmt_common.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zstring[GMT_LEN128]; /* For -Jz|Z */
data/gmt-6.1.1+dfsg/src/gmt_common.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proj4string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char WKTstring[GMT_LEN1024];
data/gmt-6.1.1+dfsg/src/gmt_common.h:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_ASPATIAL];
data/gmt-6.1.1+dfsg/src/gmt_common.h:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[2]; /* Default column type, if set [d for double] */
data/gmt-6.1.1+dfsg/src/gmt_common.h:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varnames[GMT_BUFSIZ]; /* List of variable names to be input/output in netCDF mode [GMT4 COMPATIBILITY ONLY] */
data/gmt-6.1.1+dfsg/src/gmt_common.h:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_common.h:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN8];
data/gmt-6.1.1+dfsg/src/gmt_common.h:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BC[4]; /* For BC settings via +bg|n[x|y]|p[x|y] */
data/gmt-6.1.1+dfsg/src/gmt_common.h:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64]; /* Copy of argument */
data/gmt-6.1.1+dfsg/src/gmt_common.h:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[2][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_common.h:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[2][GMT_LEN16];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:102:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR path[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char candidate_abs[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:251:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR path[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char runtime_libdir[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bindir [PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_common_sighandler.c:151:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen( "/proc/self/statm", "r" )) == NULL )
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:672:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path_fixed[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bname[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:727:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bname, startp, len);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:831:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, start_substr, substr_len);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:833:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, s3, s3_len);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, start_substr, remains);
data/gmt-6.1.1+dfsg/src/gmt_contour.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX]; /* File with crossing lines, if specified */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[GMT_BUFSIZ]; /* Copy of the option string */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_BUFSIZ]; /* Fixed label */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_file[PATH_MAX]; /* Output files for text dump of label locations */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[GMT_LEN64]; /* Unit for labels */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[GMT_LEN64]; /* prefix for labels */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crossect_tag[2][GMT_LEN64]; /* suffix for crossection beginning and end labels */
data/gmt-6.1.1+dfsg/src/gmt_contour.h:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_name[16]; /* Name of line: contour or line */
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1170:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)vptr)[k] = (char)lrintf (z);
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1197:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fval = (gmt_grdfloat)(((char *)vptr)[k]);
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4]; /* ASCII Binary identifier (DSBB) */
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id2[4]; /* Tag ID indicating a grid section (GRID) */
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id3[4]; /* Tag ID indicating a data section (DATA) */
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[5];
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[5];
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1409:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->title, "Grid originally in Surfer 6 format");
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1418:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->title, "Grid originally in Surfer 7 format");
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1800:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->title, "Grid imported via GDAL");
data/gmt-6.1.1+dfsg/src/gmt_customio.c:1851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strR[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_customio.c:2045:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[16], type[16], *pch;
data/gmt-6.1.1+dfsg/src/gmt_customio.c:2464:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *formats_sorted[GMT_N_GRD_FORMATS];
data/gmt-6.1.1+dfsg/src/gmt_customio.c:2471:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (formats_sorted, Ctrl->session.grdformat, GMT_N_GRD_FORMATS * sizeof(char*));
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char continent[4]; /* 2-char continent code (EU, NA, SA, AF, AU, AN) */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4]; /* 2-char country code ISO 3166-1 (e.g., NO, US) */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80]; /* Full name of the country */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char country[4]; /* 2-char country code ISO 3166-1 (e.g., BR, US) */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4]; /* 2/3-char state codes for US, Canada, China, Argentina, Australia, Brazil, Russia (e.g., TX) */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80]; /* Full name of the state */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char country[4]; /* 2/3-char country code ISO 3166-1 (e.g., BR, US) for countries with states */
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4];
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_DCW_continents[GMT_DCW_N_CONTINENTS] = {"Africa", "Antarctica", "Asia", "Europe", "Oceania", "North America", "South America", "Miscellaneous"};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, line[BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:120:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:144:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:218:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int k = 0, id = atoi (scode);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TAG[GMT_LEN16] = {""}, dim[GMT_LEN16] = {""}, xname[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yname[GMT_LEN16] = {""}, code[GMT_LEN16] = {""}, state[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[GMT_BUFSIZ] = {""}, path[PATH_MAX] = {""}, list[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[GMT_LEN32] = {""}, gmtversion[GMT_LEN32] = {""}, source[GMT_LEN256] = {""}, title[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""}, header[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:557:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, "-Ph");
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:575:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, " -G"); strcat (header, gmtlib_putfill (GMT, sfill));
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:578:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, " -G-");
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:580:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, " -W"); strcat (header, gmt_putpen (GMT, spen));
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:583:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, " -W-");
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_BUFSIZ] = {""}, in_string[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:658:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:734:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *action[2] = {"extract", "plot"};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:735:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *action2[2] = {"extracting", "plotting"};
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *c = NULL, *a = NULL, *q = NULL;
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_name[16]; /* Name of line: "contour" or "line" */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX]; /* File with crossing lines, if specified */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[GMT_BUFSIZ]; /* Copy of the option string */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[GMT_LEN64]; /* The symbol size */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN64]; /* The symbol fill */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64]; /* The symbol outline pen */
data/gmt-6.1.1+dfsg/src/gmt_decorate.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol_code[GMT_LEN64]; /* The symbol code only as a null-terminated string */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64]; /* Datum name */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ellipsoid[GMT_LEN64]; /* Ellipsoid GMT ID name */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN256]; /* Region of use */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_clock_in[GMT_LEN64]; /* How to decode an incoming clock string [hh:mm:ss] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_clock_out[GMT_LEN64]; /* Controls how clocks are written on output [hh:mm:ss] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_clock_map[GMT_LEN64]; /* Controls how clocks are plotted on maps [hh:mm:ss] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_date_in[GMT_LEN64]; /* How to decode an incoming date string [yyyy-mm-dd] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_date_out[GMT_LEN64]; /* Controls how dates are written on output [yyyy-mm-dd] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_date_map[GMT_LEN64]; /* Controls how dates are plotted on maps [yyyy-mm-dd] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_geo_out[GMT_LEN64]; /* Controls how degrees are written on output [000 = dd.xxxx] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_geo_map[GMT_LEN64]; /* Controls how degrees are plotted on maps [020 = dd:mm:ss as in old DEGREE_FORMAT = 0] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_float_out[GMT_LEN64]; /* Default double output format [%g] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_float_out_orig[GMT_LEN256]; /* User-specified format for all columns */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_float_map[GMT_LEN64]; /* Default double plot format [%g] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_time[2][GMT_LEN64]; /* Controls annotation format for Months/Weeks/Weekdays for primary and secondary axes */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_time_stamp[GMT_LEN256]; /* Specify the format for writing time stamps (see strftime) */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_col_separator[GMT_LEN8]; /* Separator between output ASCII data columns [tab] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_gridfile_format[GMT_LEN64]; /* Default grid file format */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_seg_marker[2]; /* Character used to recognize and write segment headers [>,>] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_head_marker_in[GMT_LEN32]; /* Characters used to recognize input header records [#%!;"'] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_frame_axes[6]; /* Which axes to draw and annotate ["WESNZ"] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_annot_ortho[6]; /* Which axes have orthogonal annotations in linear projections ["we"] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_transpmode[GMT_LEN16]; /* Transparency mode for PDF only */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_convert[GMT_LEN256]; /* Arguments for implicit psconvert calls under modern mode [""] */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char language[GMT_LEN64]; /* Language file for localization support */
data/gmt-6.1.1+dfsg/src/gmt_defaults.h:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char given_unit[GMT_N_KEYS]; /* Unit given or implied for each setting */
data/gmt-6.1.1+dfsg/src/gmt_enum_dict.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/gmt-6.1.1+dfsg/src/gmt_error.h:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, item[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:42:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "xllcorner ");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:46:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "yllcorner ");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:52:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "xllcenter ");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:56:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "yllcenter ");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:61:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "cellsize ");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:250:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->remark, "Assumed to be a SRTM3 tile");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:254:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->remark, "Assumed to be a SRTM1 tile");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:390:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (file, ".HDR");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:392:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (file, ".hdr");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:433:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->remark, "Assumed to be a GTOPO30 or SRTM30 tile");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:583:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&u, &tmp[actual_col[col]], sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:585:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp[actual_col[col]], &u, sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[GMT_LEN64], c[2] = {0, 0};
data/gmt-6.1.1+dfsg/src/gmt_fft.c:365:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wisdom_file[PATH_MAX+256] = "\0";
data/gmt-6.1.1+dfsg/src/gmt_fft.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[257];
data/gmt-6.1.1+dfsg/src/gmt_fft.c:374:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (wisdom_file, "/" FFTWF_WISDOM_FILENAME "_");
data/gmt-6.1.1+dfsg/src/gmt_fft.c:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filenames[3], **filename = filenames;
data/gmt-6.1.1+dfsg/src/gmt_fft.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[GMT_LEN64]; /* Suffix used to form output names if save[GMT_IN] is true [tapered] */
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN512] = {""}, *txt_in; /* Passed a single text string */
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:240:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ext_opts, " -of netCDF -co FORMAT=NC4 -co ZLEVEL=5 -co COMPRESS=DEFLATE -co CHUNKING=YES");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:243:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strstr(GDLL->opts, "netCDF=")) strcat(ext_opts, " -of netCDF");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:244:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strstr(GDLL->opts, "FORMAT=")) strcat(ext_opts, " -co FORMAT=NC4");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:245:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strstr(GDLL->opts, "ZLEVEL=")) strcat(ext_opts, " -co ZLEVEL=5");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:246:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strstr(GDLL->opts, "COMPRESS=")) strcat(ext_opts, " -co COMPRESS=DEFLATE");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:247:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strstr(GDLL->opts, "CHUNKING=")) strcat(ext_opts, " -co CHUNKING=YES");
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:253:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ext_opts, " -of MEM"); /* For GMT we need the data in the MEM driver */
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_opts[GMT_LEN512] = {""}, **args;
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_opts[GMT_LEN512] = {""}, **args;
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:418:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ext_opts, "-ot Float32 -txe %lf %lf -tye %lf %lf -outsize %d %d ",
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_opts[GMT_LEN512] = {""}, **args;
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:451:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ext_opts, "-ot Float32 -te %lf %lf %lf %lf -ts %d %d ",
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_opts[GMT_LEN512] = {""}, **args;
data/gmt-6.1.1+dfsg/src/gmt_gdalcall.c:493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_opts[GMT_LEN512] = {""}, **args;
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generic_buffer[5000];
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:142:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GMT_LOCAL void ComputeRasterMinMax(struct GMT_CTRL *GMT, unsigned char *tmp, GDALRasterBandH hBand, double adfMinMax[2],
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpI16, &tmp[i * sizeof(int16_t)], sizeof(int16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:175:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpUI16, &tmp[i * sizeof(uint16_t)], sizeof(uint16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpI32, &tmp[i * sizeof(int32_t)], sizeof(int32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpUI32, &tmp[i * sizeof(uint32_t)], sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpF32, &tmp[i * sizeof(float)], sizeof(float));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpF64, &tmp[i * sizeof(double)], sizeof(double));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:842:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jump = atoi(prhs->P.jump);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1199:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->UInt8.data[i_x_nXYSize], tmp, (size_t)nBufYSize * (size_t)nBufXSize);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1203:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->UInt8.data[i_x_nXYSize], tmp, (size_t)nBufYSize * (size_t)nBufXSize);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1233:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpI16, &tmp[(rowVec[mm] + n) * sizeof(int16_t)], sizeof(int16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1237:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Ctrl->Int16.data[nn++], &tmp[(rowVec[mm] + n) * sizeof(int16_t)], sizeof(int16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1246:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpI16, &tmp[(rowVec[mm] + n) * sizeof(int16_t)], sizeof(int16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1250:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Ctrl->Int16.data[nn++], &tmp[(rowVec[mm] + n) * sizeof(int16_t)], sizeof(int16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1261:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpUI16, &tmp[(rowVec[mm] + n) * sizeof(uint16_t)], sizeof(uint16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1265:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->UInt16.data[nn++], &tmp[(rowVec[mm] + n) * sizeof(uint16_t)], sizeof(uint16_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1275:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpI32, &tmp[(rowVec[mm] + n) * sizeof(int32_t)], sizeof(int32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1279:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->Int32.data[nn++], &tmp[(rowVec[mm] + n) * sizeof(int32_t)], sizeof(int32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1289:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpUI32, &tmp[(rowVec[mm] + n) * sizeof(int32_t)], sizeof(int32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1293:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->UInt32.data[nn++], &tmp[(rowVec[mm] + n) * sizeof(int32_t)], sizeof(int32_t));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1301:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Ctrl->Float.data[nn], &tmp[(rowVec[mm]+n) * sizeof(float)], sizeof(float));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:1312:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmpF64, &tmp[(rowVec[mm]+n) * sizeof(double)], sizeof(double));
data/gmt-6.1.1+dfsg/src/gmt_gdalread.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layout[4]; /* A 3 letter code specifying the image memory layout plus a A|a if alpha data in array */
data/gmt-6.1.1+dfsg/src/gmt_gdalread.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_layout[4];
data/gmt-6.1.1+dfsg/src/gmt_gdalread.h:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char side[1]; /* If array is going to pasted (grdpaste), tell in what side 'lrtb' */
data/gmt-6.1.1+dfsg/src/gmt_gdalwrite.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *gdal_drv[N_GDAL_EXTENSIONS] = {"GTiff", "GIF", "PNG", "JPEG", "BMP"};
data/gmt-6.1.1+dfsg/src/gmt_gdalwrite.c:469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[64];
data/gmt-6.1.1+dfsg/src/gmt_grd.h:137:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define gmt_M_grd_setpad(C,h,newpad) memcpy ((h)->pad, newpad, 4*sizeof(unsigned int))
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[2] = {"read", "imaginary"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_code[3];
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_code[3];
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:532:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[3] = {"south", "", "north"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[3][GMT_LEN256], *units = NULL;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN512] = {""}; /* But it's copied at most 256 chars into header->name so 256 should do */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string[3] = {NULL, NULL, NULL}, unit[GMT_GRID_UNIT_LEN80] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[GMT_LEN16] = {""}, clock[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1200:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string[i], "longitude [degrees_east]"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1202:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string[i], "latitude [degrees_north]"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1209:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "years"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1211:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "months"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1213:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "days"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1215:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "hours"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1217:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "minutes"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1219:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "seconds"); break;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dir[2] = {"input", "output"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1298:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type[2] = {"longitude", "latitude"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1326:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type[4] = {"xmin", "xmax", "ymin", "ymax"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1562:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned id_candidate = (unsigned) abs (atoi (code));
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1839:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1965:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem[4];
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1981:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->x_units, "longitude [degrees_east]");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1982:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (header->y_units, "latitude [degrees_north]");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[GMT_LEN64] = {""}, *txt = NULL;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comp[2] = {"real", "imaginary"};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3022:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, top, n_cols * cell_size); /* save top row */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3023:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (top, bottom, n_cols * cell_size); /* copy bottom to top */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bottom, tmp, n_cols * cell_size); /* copy tmp to bottom */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3133:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3154:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strR[GMT_LEN128];
data/gmt-6.1.1+dfsg/src/gmt_grdio.h:115:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open; /* true if we have already opened the file */
data/gmt-6.1.1+dfsg/src/gmt_hash.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key[GMT_HASH_MAXDEPTH]; /* Name of these entries */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *proj[4]; /* @J: The 1-4 projection strings [NULL if not set] */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2]; /* Name of file or source [0 = in, 1 = out] */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2]; /* Name of file or source [0 = in, 1 = out] */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2]; /* Name of file or source [0 = in, 1 = out] */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_GRID_NAME_LEN256]; /* Actual name of the file after any ?<varname> and =<stuff> has been removed */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[GMT_GRID_VARNAME_LEN80];/* NetCDF: variable name */
data/gmt-6.1.1+dfsg/src/gmt_hidden.h:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[4]; /* Flags used for ESRI grids */
data/gmt-6.1.1+dfsg/src/gmt_init.c:273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_keywords[GMT_N_KEYS] = { /* Names of all parameters in gmt.conf */
data/gmt-6.1.1+dfsg/src/gmt_init.c:279:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_unique_option[GMT_N_UNIQUE] = { /* The common GMT command-line options [ just the subset that accepts arguments (e.g., -O is not listed) ] */
data/gmt-6.1.1+dfsg/src/gmt_init.c:283:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_media_name[GMT_N_MEDIA] = { /* Names of all recognized paper formats */
data/gmt-6.1.1+dfsg/src/gmt_init.c:290:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *gmt_M_color_name[GMT_N_COLOR_NAMES] = { /* Names of all the X11 colors */
data/gmt-6.1.1+dfsg/src/gmt_init.c:294:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_weekdays[7] = { /* Days of the week in English [Default] */
data/gmt-6.1.1+dfsg/src/gmt_init.c:298:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_just_string[12] = { /* Strings to specify justification */
data/gmt-6.1.1+dfsg/src/gmt_init.c:359:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *map_annot_oblique_item[N_MAP_ANNOT_OBLIQUE_ITEMS] = {
data/gmt-6.1.1+dfsg/src/gmt_init.c:618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_arg[GMT_LEN256] = {""}, add[GMT_LEN64] = {""}, argument[GMT_LEN64] = {""}, orig[GMT_BUFSIZ] = {""}, copy[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:682:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:716:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.io_head_marker_in, "#%\"\'"); /* Accept GMT or MATLAB header records or comments or quoted text */
data/gmt-6.1.1+dfsg/src/gmt_init.c:750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:784:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi (&item[k]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:856:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256] = {""}, Jstring[GMT_LEN128] = {""}, in_string[GMT_VF_LEN] = {""}, out_string[GMT_VF_LEN] = {""}, origin_flag[4] = {""}, *v = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:903:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (origin_flag, "+m");
data/gmt-6.1.1+dfsg/src/gmt_init.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, name[GMT_BUFSIZ] = {""}, A[GMT_LEN64] = {""}, *s = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:1127:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col = atoi (A);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1274:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ncol = atoi (&text[i]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:1467:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n += atoi (&txt[k+1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:1537:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[GMT_BUFSIZ] = {""}, term[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:1542:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi (arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1546:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (new, "+r"); /* Add robust flag */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1549:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi (arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *this_range = NULL, *arg = NULL, *name = "pcs", *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:1713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *way[2] = {"last squares", "robust"}, report[GMT_BUFSIZ] = {""}, piece[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:1716:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (report, "y(x) = ");
data/gmt-6.1.1+dfsg/src/gmt_init.c:1734:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
((n_model - k) > 1) ? strcat (report, " + ") : strcat (report, "\n");
data/gmt-6.1.1+dfsg/src/gmt_init.c:1761:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n[GMT_X] += atoi (&txt[k+1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1772:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n[GMT_Y] += atoi (&txt[k+1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *this_range = NULL, *arg = NULL, *name = "pcs", *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:1971:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *way[2] = {"last squares", "robust"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2007:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:2040:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_j[GMT_LEN256] = {""}, txt_x[GMT_LEN256] = {""}, txt_y[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2082:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->common.x.n_threads = atoi (arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2098:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mode[4] = {"i", "o", "", ""}, *dir[2] = {"input", "output"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:2337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, tmp[GMT_MAX_COLUMNS] = {""}, *ca = NULL, *cr = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:2514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2527:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = stop = atoi (fmt);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2569:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fpo = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:2599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trans[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""}, a[GMT_LEN64] = {""}, b[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[GMT_LEN64] = {""}, d[GMT_LEN64] = {""}, e[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2661:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL)
data/gmt-6.1.1+dfsg/src/gmt_init.c:2712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2746:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2767:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, panel[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2799:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag, ".inset");
data/gmt-6.1.1+dfsg/src/gmt_init.c:2812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag, ".%d.subplot", fig);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2819:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag, ".%d", fig);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, hfile[PATH_MAX] = {""}, cwd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2835:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[GMT_LEN64] = {""}, value[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2868:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (hfile, "r+")) == NULL) /* In order to place an exclusive lock, fp must be open for writing */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2902:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->current.ps.clip_level = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2906:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->current.ps.layer = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hfile[PATH_MAX] = {""}, cwd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2952:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:2966:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (hfile, "w")) == NULL) return (-1); /* Not OK to be unsuccessful in creating this file */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3031:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *how[2] = {"detected", "created"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mark[2] = {':', ';'};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *item[2] = {"@:", "@^"}, mark[2] = {':', '^'}, *s = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:3398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[GMT_LEN8] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1[GMT_BUFSIZ] = "", out2[GMT_BUFSIZ] = "", out3[GMT_BUFSIZ] = "", info[3][GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN64] = {""}, B[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3780:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workspace[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3790:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workspace[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:3973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, text[GMT_BUFSIZ] = {""}, *mod = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:4117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_BUFSIZ] = {""}, orig_string[GMT_BUFSIZ] = {""}, text[GMT_BUFSIZ] = {""}, *mod = NULL, *the_axes = "xyz";
data/gmt-6.1.1+dfsg/src/gmt_init.c:4144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group_sep[2] = {" "};
data/gmt-6.1.1+dfsg/src/gmt_init.c:4184:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_init.c:4463:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmtinit_scale_or_width (GMT, strcat(scale_or_width,":1"), value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod, args_cp[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:4511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_d[GMT_LEN256] = {""}, txt_e[GMT_LEN256] = {""}, last_char = 0, *d = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:4512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_arr[11][GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_init.c:4757:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:4925:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (txt_c, "180");
data/gmt-6.1.1+dfsg/src/gmt_init.c:4927:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (txt_c, "60");
data/gmt-6.1.1+dfsg/src/gmt_init.c:4929:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (txt_c, "90");
data/gmt-6.1.1+dfsg/src/gmt_init.c:4971:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (txt_c, "90"); /* Initialize default horizon */
data/gmt-6.1.1+dfsg/src/gmt_init.c:5302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:5392:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_init.c:5434:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_KM], "km");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5435:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_MILE], "mile");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5436:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_NAUTICAL_MILE], "nautical mile");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5437:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_INCH], "inch");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5438:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_CM], "cm");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5439:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_PT], "point");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5440:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_FOOT], "foot");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5441:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.proj.unit_name[GMT_IS_SURVEY_FOOT], "survey foot");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[GMT_LEN8];
data/gmt-6.1.1+dfsg/src/gmt_init.c:5487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:5528:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][0], "January"); strcpy (GMT->current.language.month_name[1][0], "Jan");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5528:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][0], "January"); strcpy (GMT->current.language.month_name[1][0], "Jan");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5529:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][0], "J"); strcpy (GMT->current.language.month_name[3][0], "JAN");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5530:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][1], "February");strcpy (GMT->current.language.month_name[1][1], "Feb");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5530:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][1], "February");strcpy (GMT->current.language.month_name[1][1], "Feb");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5531:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][1], "F"); strcpy (GMT->current.language.month_name[3][1], "FEB");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5532:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][2], "March"); strcpy (GMT->current.language.month_name[1][2], "Mar");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5532:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][2], "March"); strcpy (GMT->current.language.month_name[1][2], "Mar");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5533:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][2], "M"); strcpy (GMT->current.language.month_name[3][2], "MAR");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5534:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][3], "April"); strcpy (GMT->current.language.month_name[1][3], "Apr");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5534:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][3], "April"); strcpy (GMT->current.language.month_name[1][3], "Apr");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5535:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][3], "A"); strcpy (GMT->current.language.month_name[3][3], "APR");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5536:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][4], "May"); strcpy (GMT->current.language.month_name[1][4], "May");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5536:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][4], "May"); strcpy (GMT->current.language.month_name[1][4], "May");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5537:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][4], "M"); strcpy (GMT->current.language.month_name[3][4], "MAY");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5538:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][5], "June"); strcpy (GMT->current.language.month_name[1][5], "Jun");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5538:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][5], "June"); strcpy (GMT->current.language.month_name[1][5], "Jun");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5539:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][5], "J"); strcpy (GMT->current.language.month_name[3][5], "JUN");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5540:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][6], "July"); strcpy (GMT->current.language.month_name[1][6], "Jul");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5540:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][6], "July"); strcpy (GMT->current.language.month_name[1][6], "Jul");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5541:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][6], "J"); strcpy (GMT->current.language.month_name[3][6], "JUL");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5542:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][7], "August"); strcpy (GMT->current.language.month_name[1][7], "Aug");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5542:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][7], "August"); strcpy (GMT->current.language.month_name[1][7], "Aug");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5543:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][7], "A"); strcpy (GMT->current.language.month_name[3][7], "AUG");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5544:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][8], "September");strcpy(GMT->current.language.month_name[1][8], "Sep");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5544:63: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][8], "September");strcpy(GMT->current.language.month_name[1][8], "Sep");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5545:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][8], "S"); strcpy (GMT->current.language.month_name[3][8], "SEP");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5546:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][9], "October"); strcpy (GMT->current.language.month_name[1][9], "Oct");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5546:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][9], "October"); strcpy (GMT->current.language.month_name[1][9], "Oct");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5547:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][9], "O"); strcpy (GMT->current.language.month_name[3][9], "OCT");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5548:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][10],"November");strcpy (GMT->current.language.month_name[1][10],"Nov");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5548:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][10],"November");strcpy (GMT->current.language.month_name[1][10],"Nov");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5549:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][10],"N"); strcpy (GMT->current.language.month_name[3][10],"NOV");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5550:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][11],"December");strcpy (GMT->current.language.month_name[1][11],"Dec");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5550:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[0][11],"December");strcpy (GMT->current.language.month_name[1][11],"Dec");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5551:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.month_name[2][11],"D"); strcpy (GMT->current.language.month_name[3][11],"DEC");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5554:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.week_name[0], "Week"); strcpy (GMT->current.language.week_name[1], "Wk");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5554:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.week_name[0], "Week"); strcpy (GMT->current.language.week_name[1], "Wk");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5558:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][0], "Sunday"); strcpy (GMT->current.language.day_name[1][0], "Sun");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5558:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][0], "Sunday"); strcpy (GMT->current.language.day_name[1][0], "Sun");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5560:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][1], "Monday"); strcpy (GMT->current.language.day_name[1][1], "Mon");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5560:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][1], "Monday"); strcpy (GMT->current.language.day_name[1][1], "Mon");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5562:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][2], "Tuesday"); strcpy (GMT->current.language.day_name[1][2], "Tue");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5562:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][2], "Tuesday"); strcpy (GMT->current.language.day_name[1][2], "Tue");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5564:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][3], "Wednesday");strcpy (GMT->current.language.day_name[1][3], "Wed");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5564:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][3], "Wednesday");strcpy (GMT->current.language.day_name[1][3], "Wed");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5566:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][4], "Thursday"); strcpy (GMT->current.language.day_name[1][4], "Thu");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5566:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][4], "Thursday"); strcpy (GMT->current.language.day_name[1][4], "Thu");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5568:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][5], "Friday"); strcpy (GMT->current.language.day_name[1][5], "Fri");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5568:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][5], "Friday"); strcpy (GMT->current.language.day_name[1][5], "Fri");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5570:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][6], "Saturday"); strcpy (GMT->current.language.day_name[1][6], "Sat");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5570:61: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.day_name[0][6], "Saturday"); strcpy (GMT->current.language.day_name[1][6], "Sat");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5574:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.cardinal_name[0][0], "West"); strcpy (GMT->current.language.cardinal_name[1][0], "W");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5576:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.cardinal_name[0][1], "East"); strcpy (GMT->current.language.cardinal_name[1][1], "E");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5578:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.cardinal_name[0][2], "South"); strcpy (GMT->current.language.cardinal_name[1][2], "S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5580:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.language.cardinal_name[0][3], "North"); strcpy (GMT->current.language.cardinal_name[1][3], "N");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""}, full[16] = {""}, abbrev[16] = {""}, c[16] = {""}, dwu;
data/gmt-6.1.1+dfsg/src/gmt_init.c:5634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *months[12];
data/gmt-6.1.1+dfsg/src/gmt_init.c:5647:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:5651:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:5655:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.language, "us");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5725:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(GMT->current.setting.format_clock_in, "hh:mm:ss");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5728:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_date_in, "yyyy-mm-dd");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5731:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_clock_out, "hh:mm:ss");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5734:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_date_out, "yyyy-mm-dd");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5740:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_clock_map, "hh:mm:ss");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5743:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_date_map, "yyyy-mm-dd");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5746:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_geo_map, "ddd:mm:ss");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5749:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_time[GMT_PRIMARY], "full");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5751:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_time[GMT_SECONDARY], "full");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5753:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%.12g");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5754:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out_orig, "%.12g");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5756:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_map, "%.12g");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5758:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_time_stamp, "%Y %b %d %H:%M:%S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5798:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.map_annot_ortho, "we");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5802:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.map_frame_axes, "WESNZ");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5891:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.ps_encoding.name, "ISOLatin1+");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5931:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.ps_transpmode, "Normal");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5944:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.io_gridfile_format, "nf");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6012:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.language, "us");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6041:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.time_system.epoch, "1970-01-01T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6087:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.ps_encoding.name, "Standard+");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:6132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:6133:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen (fullname, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:6190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, file[PATH_MAX] = {""}, media[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:6194:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) return (0); /* Not a critical file so no error if we cannot read it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:6257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX+1];
data/gmt-6.1.1+dfsg/src/gmt_init.c:6258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unit_name[4] = {"cm", "inch", "m", "point"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:6396:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.time_system.epoch, "2000-01-01T12:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u, *GMT_choice[2] = {"OFF", "ON"}, *V_code = "qewticd";
data/gmt-6.1.1+dfsg/src/gmt_init.c:7179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[16], *type[3] = {"Contour", "Line", "Decorated line"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *feature[3] = {"label", "label", "symbol"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[16];
data/gmt-6.1.1+dfsg/src/gmt_init.c:7243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[3] = {"contour", "quoted line", "decorated line"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *feature[3] = {"label", "label", "symbol"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[GMT_ANCHOR_NTYPES] = {"logo", "image", "legend", "color-bar", "inset", "map scale", "map rose", "vertical scale"}, *tab[2] = {"", " "};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *just[GMT_ANCHOR_NTYPES] = {"BL", "BL", "BL", "BL", "BL", "MC", "MC", "ML"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[5] = {"logo", "image", "legend", "scale", "vertical scale"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:7587:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *verb[2] = {"Form", "Draw"}, *count[2] = {"four", "three"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8034:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_BUFSIZ] = {""}, item[GMT_BUFSIZ] = {""}, string[GMT_BUFSIZ] = {""}, r_unit = 0, *c = NULL, *d = NULL, *ptr = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8070:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char X[2][GMT_LEN64] = {"", ""}, code[3] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8393:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*start = *stop = atol (p);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""}, word[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8571:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t k = atol (&p[1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8671:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'N': GMT->common.l.item.ncols = atoi (&txt[1]); break; /* Number of columns */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8724:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t kk = atol (&arg[1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8739:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t kk = atol (&arg[3]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8758:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t kk = atol (&p[1]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:8859:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int col = atol (&c[2]); /* Examine the data in this column */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9099:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->common.g.col[i] = atoi (&txt[c]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, keyword[GMT_LEN256] = {""}, value[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:9227:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) return (-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9312:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (isdigit (text[0])) return (atoi (text)); /* That was easy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:9357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, lower_value[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:10049:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10119:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[2][GMT_LEN32];
data/gmt-6.1.1+dfsg/src/gmt_init.c:10304:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10342:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10371:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[2][GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmt_init.c:10552:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->current.setting.url_size_limit = atoi (lower_value) * f;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10565:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GMT->current.setting.refresh_time = atoi (lower_value) * f;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10711:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ival = atoi (value)) < 0) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:10729:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi (value) + 2;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10861:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ival = atoi (value)) < 0) error = true;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10909:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[GMT_BUFSIZ] = {""}, txt[GMT_LEN8], *PRE[3] = {"", "-", "+"}, *string = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pm[2] = {'+', '-'}, *ft[2] = {"false", "true"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:11160:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case gmt_ring: strcpy (value, "ring"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11161:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case gmt_degree: strcpy (value, "degree"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11162:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case gmt_colon: strcpy (value, "colon"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11163:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case gmt_none: strcpy (value, "none"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11164:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "plain");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11200:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "graph");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11202:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:11214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "fancy");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "fancy+");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11218:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "inside");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11220:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11384:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "none");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11386:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "rgb");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11388:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "cmyk");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11390:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "hsv");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11392:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11447:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "rgb");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11449:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "cmyk");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11451:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "hsv");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11453:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "gray");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11455:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11476:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "none");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11478:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "rle");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11480:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "lzw");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11485:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "deflate");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11488:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11493:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "butt");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11495:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "round");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11497:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "square");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11499:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11504:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "miter");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11506:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "round");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11508:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "bevel");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11510:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11531:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "landscape");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11533:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "portrait");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11535:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11601:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "tab");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11603:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "space");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11605:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "comma");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11607:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "none");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11613:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "maybe");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11615:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "always");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11617:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "never");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11663:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "pass");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11665:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "skip");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11669:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "auto");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11671:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "classic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11687:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "true");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11689:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "false");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11691:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "in");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11693:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "out");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11698:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "off");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11722:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "geodetic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11725:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "authalic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11728:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "conformal");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11731:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "meridional");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11734:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "geocentric");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11737:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "parametric");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11740:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11763:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "Vincenty");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11766:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "Andoyer");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11769:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "Rudoe");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11772:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11787:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "mean");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11790:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "authalic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11793:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "volumetric");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11796:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "meridional");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11799:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "quadratic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11802:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11812:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "default"); /* Default scale for chosen projection */
data/gmt-6.1.1+dfsg/src/gmt_init.c:11833:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "unlimited");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11859:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "double");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11861:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "single");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11863:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "long");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11865:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "ulong");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11867:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "int");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11869:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "uint");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11871:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "short");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11873:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "ushort");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11875:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "char");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11877:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "byte");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11882:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11884:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "extrap");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11891:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "auto");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11894:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "kissfft");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11897:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "brenner");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11900:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "fftw");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11904:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (value, ",measure");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11907:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (value, ",patient");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11910:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (value, ",exhaustive");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11913:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (value, ",estimate");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11918:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "accelerate");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11921:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11947:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "linear");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11949:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "akima");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11951:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "cubic");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11953:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "none");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11955:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11958:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%d", GMT->current.setting.max_cores);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11967:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "Watson");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11969:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "Shewchuk");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11971:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "undefined");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11980:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_QUIET: strcpy (value, "quiet"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11981:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_ERROR: strcpy (value, "error"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11982:28: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_WARNING: strcpy (value, "warning"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11983:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_TICTOC: strcpy (value, "timing"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11984:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_INFORMATION: strcpy (value, "information"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11985:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_MSG_DEBUG: strcpy (value, "debug"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:11986:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy (value, "compat"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:12034:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "none");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12036:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "clock");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12038:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (value, "elapsed");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *param, record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, tag[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_init.c:12138:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, tag[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12153:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[PATH_MAX+GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12215:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12229:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN128], ename[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_init.c:12371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_init.c:12378:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (name, "r")) != NULL || (fp = fopen (path, "r")) != NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12378:49: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (name, "r")) != NULL || (fp = fopen (path, "r")) != NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12423:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "2000-01-01T12:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12427:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "-4713-11-24T12:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12431:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "1858-11-17T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12435:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "1985-01-01T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12439:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "1970-01-01T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12443:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "0001-01-01T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12447:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (time_system->epoch, "0000-12-31T00:00:00");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12637:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12670:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *L = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:12675:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12698:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:12765:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[PATH_MAX] = {""}, tmp[GMT_LEN128] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:12807:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12825:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
P->parallel = atoi (&line[12]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char virt_file[GMT_VF_LEN] = {""}, tmpfile[PATH_MAX] = {""}, *list = "bfi:", *file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:12991:37: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char virt_file[GMT_VF_LEN] = {""}, tmpfile[PATH_MAX] = {""}, *list = "bfi:", *file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13030:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf (tmpfile, PATH_MAX, "%s/", API->tmp_dir);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13031:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tmpfile, "gmt_saved_stdin.XXXXXX"); /* The XXXXXX will be replaced by mktemp */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13031:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcat (tmpfile, "gmt_saved_stdin.XXXXXX"); /* The XXXXXX will be replaced by mktemp */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13033:25: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((file = mktemp (tmpfile)) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13037:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, API->GMT->current.io.w_mode)) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13042:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp (tmpfile)) == -1) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13042:24: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((fd = mkstemp (tmpfile)) == -1) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13043:118: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
GMT_Report (API, GMT_MSG_ERROR, "gmtinit_get_region_from_data: Could not create and open temporary file %s.\n", tmpfile);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13046:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
file = tmpfile;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char e_code[GMT_LEN256] = {""}, r_opt[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char figure[GMT_LEN128] = {""}, session[GMT_LEN128] = {""}, p[GMT_LEN16] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13413:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13440:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13453:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sclX[GMT_LEN64] = {""}, sclY[GMT_LEN64] = {""}, arg[GMT_LEN128] = {""}, oldarg[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13533:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (Bfile, "w"))) fclose (fp);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13634:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *D_module[4] = {"gmtlogo", "psimage", "pslegend", "psscale"}; /* These all may take -Dx etc */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13689:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_code[GMT_LEN512] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13717:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char j_code[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13765:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN256] = {""}, scl[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13847:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legend_justification[4] = {""}, pen[GMT_LEN32] = {""}, fill[GMT_LEN32] = {""}, off[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13850:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:13868:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13934:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (arg, "+l");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13955:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (arg, "+l");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13976:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (P->Bxlabel[0]) {strcat (arg, "+l"); strcat (arg, P->Bxlabel);} /* Add label, if active */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13983:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (P->Bylabel[0]) {strcat (arg, "+l"); strcat (arg, P->Bylabel);} /* Add label, if active */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14030:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3] = {"J"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14040:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *arg[2] = {"X15c", "Q15c+"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14054:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3] = {"J"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14115:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codes[3] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RG[GMT_LEN256] = {""}, tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_init.c:14616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol_type, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, text_cp[GMT_LEN256] = {""}, diameter[GMT_LEN32] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:14617:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *allowed_symbols[2] = {"~=-+AaBbCcDdEefGgHhIiJjMmNnpqRrSsTtVvWwxy", "=-+AabCcDdEefGgHhIiJjMmNnOopqRrSsTtUuVvWwxy"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14618:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *bar_symbols[2] = {"Bb", "-BbOoUu"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN64] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:14790:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_z = atoi (&c[2]);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14886:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:15316:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:15472:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (unit_name) strcpy (unit_name, "cm");
data/gmt-6.1.1+dfsg/src/gmt_init.c:15476:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (unit_name) strcpy (unit_name, "inch");
data/gmt-6.1.1+dfsg/src/gmt_init.c:15480:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (unit_name) strcpy (unit_name, "point");
data/gmt-6.1.1+dfsg/src/gmt_init.c:15549:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_KM: strcpy (unit_name, "km"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15550:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_MILE: strcpy (unit_name, "mile"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15551:30: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_NAUTICAL_MILE: strcpy (unit_name, "nautical mile"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15552:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_INCH: strcpy (unit_name, "inch"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15553:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_CM: strcpy (unit_name, "cm"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15554:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_PT: strcpy (unit_name, "point"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15555:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_FOOT: strcpy (unit_name, "foot"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15556:28: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GMT_IS_SURVEY_FOOT: strcpy (unit_name, "survey foot"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15700:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prjcode[8] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:15759:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wktext, " +wktext"); /* Projection NOT internally supported by GDAL */
data/gmt-6.1.1+dfsg/src/gmt_init.c:15761:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dest, " +ellps=WGS84");
data/gmt-6.1.1+dfsg/src/gmt_init.c:15808:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[2], args[GMT_LEN256] = {""}, *c = strchr (item, '+'); /* Start of modifiers, if any */
data/gmt-6.1.1+dfsg/src/gmt_init.c:15815:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (q) args[0] = item[0]; strcat (args, "af"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15818:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (q) args[0] = item[0]; strcat (args, "xaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15821:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (q) args[0] = item[0]; strcat (args, "yaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15824:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (q) args[0] = item[0]; strcat (args, "zaf"); if (c) strcat (args, c);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15849:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[GMT_LEN1024] = {""}, dest[GMT_LEN1024] = {""}, *pch;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15868:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(source, "+proj=latlong +datum=WGS84");
data/gmt-6.1.1+dfsg/src/gmt_init.c:16321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[GMT_LEN8] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_init.c:16564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16566:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "for input file");
data/gmt-6.1.1+dfsg/src/gmt_init.c:16568:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "for output file");
data/gmt-6.1.1+dfsg/src/gmt_init.c:16603:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *IO_direction[2] = {"Input", "Output"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_init.c:16630:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_init.c:16688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX] = {""}, *opt[2] = {"r", "a"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16697:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (line, opt[mode])) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16715:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GMT_LOCAL void gmtinit_get_session_name_format (struct GMTAPI_CTRL *API, char prefix[GMT_LEN256], char formats[GMT_LEN256]) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16715:99: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GMT_LOCAL void gmtinit_get_session_name_format (struct GMTAPI_CTRL *API, char prefix[GMT_LEN256], char formats[GMT_LEN256]) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16726:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:16829:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:16835:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16875:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) { /* This is an unmitigated disaster */
data/gmt-6.1.1+dfsg/src/gmt_init.c:16903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_BUFSIZ] = {""}, fmt[GMT_LEN16] = {""}, option[GMT_LEN256] = {""}, p[GMT_LEN256] = {""}, dir[PATH_MAX] = {""}, legend_justification[4] = {""}, mark, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_init.c:16904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN32] = {""}, fill[GMT_LEN32] = {""}, off[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:16987:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " -A");
data/gmt-6.1.1+dfsg/src/gmt_init.c:17000:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " -A");
data/gmt-6.1.1+dfsg/src/gmt_init.c:17003:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " -A");
data/gmt-6.1.1+dfsg/src/gmt_init.c:17013:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[GMT_LEN8] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17046:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17069:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17091:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (panel, "%u-%u", row, col);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[GMT_LEN256] = {""}, formats[GMT_LEN64] = {""}, options[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *F_name[2] = {"label", "prog_indicator"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17187:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (parfile, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17204:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpM[k] = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17227:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "a")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char panel[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char justcode[4] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17327:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17367:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "a")) == NULL) { /* Cannot append to an existing file? */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, label[GMT_LEN128] = {""}, size[GMT_LEN32] = {""}, dim[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17436:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) { /* Unable to open for reading */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17440:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (justification, "TR"); /* Default legend placement */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17454:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ncols = atoi (dim);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, dir[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17479:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type[2] = {"classic", "modern"}, *smode[3] = {"Use", "Begin", "End"}, *fstatus[4] = {"found", "not found", "created", "removed"};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char side, axis, B_delim[2] = {30, 0}, p[GMT_BUFSIZ] = {""}; /* Use ASCII 30 RS Record Separator between -B strings */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17671:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17771:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN8] = {""}, token[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17777:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%d", (int)n_columns-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN8] = {""}, token[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_init.c:17795:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%d", (int)n_columns-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:177:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *GMT_type[GMT_N_TYPES] = {"byte", "byte", "integer", "integer", "integer", "integer",
data/gmt-6.1.1+dfsg/src/gmt_io.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&u, &buffer[n], Int16len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&buffer[n], &u, Int16len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:323:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&u, &buffer[n], Int32len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:325:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&buffer[n], &u, Int32len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&u, &buffer[n], Int64len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&buffer[n], &u, Int64len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char savedpath[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_io.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, *token, *stringp;
data/gmt-6.1.1+dfsg/src/gmt_io.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_io.c:623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:922:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Aspatial columns:");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hemi[3] = {""}, *f = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:1124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *suffix[2][2] = {{"W", "E"}, {"S", "N"}}; /* Just for decimal degrees when no_sign is true */
data/gmt-6.1.1+dfsg/src/gmt_io.c:1129:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN64] = {""}, *p;
data/gmt-6.1.1+dfsg/src/gmt_io.c:1942:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[0], "am");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1943:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[1], "pm");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1948:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[0], "AM");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1949:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[1], "PM");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1954:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[0], "a.m.");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1955:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[1], "p.m.");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1960:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[0], "A.M.");
data/gmt-6.1.1+dfsg/src/gmt_io.c:1961:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (S->ampm_suffix[1], "P.M.");
data/gmt-6.1.1+dfsg/src/gmt_io.c:2265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[16];
data/gmt-6.1.1+dfsg/src/gmt_io.c:2359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scopy[GMT_LEN64] = {""}, suffix, *p = NULL, *p2 = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:2477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scopy[GMT_LEN64] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:2671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:2707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sflag[7] = {"-D", "-G", "-I", "-L", "-T", "-W", "-Z"}, *quote[7] = {"", "", "\"", "\"", "\"", "", ""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:2708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_io.c:2748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sflag[7] = {"-D", "-G", "-I", "-L", "-T", "-W", "-Z"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:2781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:2787:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " -Ph");
data/gmt-6.1.1+dfsg/src/gmt_io.c:2827:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, in_string[GMT_VF_LEN] = {""}, out_string[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:2996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:3309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[GMT_BUFSIZ], message[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:3311:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *flavor[4] = {"", "Numerical only", "Text only", "Numerical with trailing text"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:3335:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (col == 50) strcat (message, ",...");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3373:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (pos == 49) strcat (message, ",...");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3378:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (message, "String");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3390:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (pos == 49) strcat (message, ",...");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3395:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (message, "String");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, *p = NULL, *token = NULL, *stringp = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:3518:32: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (strstr (line, "@H")) strcat (GMT->current.io.segment_header, " -Ph"); /* Sometimes a @P or @H record instead */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3524:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (strstr (line, "@H")) strcat (GMT->current.io.segment_header, " -Ph"); /* Add the hole designation to the polygon option */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char open_mode[4] = {""}, file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, *out_file = tmpfile, *txt = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:3722:51: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char open_mode[4] = {""}, file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, *out_file = tmpfile, *txt = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:3722:89: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char open_mode[4] = {""}, file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, *out_file = tmpfile, *txt = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:3733:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
append = (dest_type == GMT_IS_FILE && dest && ((char *)dest)[0] == '>'); /* Want to append to existing file */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3765:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3767:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3779:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3781:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3818:15: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf (tmpfile, PATH_MAX, file, TH->id, seg);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3820:15: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf (tmpfile, PATH_MAX, file, SH->id);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:3965:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varnm[20][GMT_LEN64], long_name[GMT_LEN256] = {""}, units[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:3966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[GMT_LEN64] = {""}, dimname[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:4410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:4423:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "Data gap detected via -g; Segment header inserted");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, open_mode[4] = {""}, *out_file = tmpfile;
data/gmt-6.1.1+dfsg/src/gmt_io.c:4580:30: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, open_mode[4] = {""}, *out_file = tmpfile;
data/gmt-6.1.1+dfsg/src/gmt_io.c:4580:89: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char file[PATH_MAX] = {""}, tmpfile[PATH_MAX] = {""}, open_mode[4] = {""}, *out_file = tmpfile;
data/gmt-6.1.1+dfsg/src/gmt_io.c:4585:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (dest_type == GMT_IS_FILE && dest && ((char *)dest)[0] == '>') append = 1; /* Want to append to existing file */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4614:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4616:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4629:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4631:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:4659:15: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf (tmpfile, PATH_MAX, file, TH->id);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX], *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:4691:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (fopen (&filename[first], mode));
data/gmt-6.1.1+dfsg/src/gmt_io.c:4694:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (fopen (c, mode));
data/gmt-6.1.1+dfsg/src/gmt_io.c:4707:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (fopen (c, mode));
data/gmt-6.1.1+dfsg/src/gmt_io.c:4717:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_BUFSIZ+GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:4738:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen (c, mode);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4749:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *gmt_direction[2] = {"Input", "Output"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:4864:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mode[2] = {"input", "output"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:4999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *udir[4] = {GMT->session.USERDIR, GMT->session.DATADIR, GMT->session.CACHEDIR, NULL}, dir[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_io.c:5000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_separator[2] = {',', '\0'}, serverdir[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *c = NULL, *clean_file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:5196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *cleanfile = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:5215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:5356:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.r_mode, "rb");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5360:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.w_mode, "wb");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5361:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.a_mode, "ab+");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[GMT_LEN16] = {""}, tclock[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5381:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tformat[N_T_UNITS] = {"%uY","%2.2uM", "%2.2uD", "%2.2uH", "%2.2uM"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5445:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "NaN");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5502:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.a_mode, "a+");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5510:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.clock_input.ampm_suffix[0], "am");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5511:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.clock_output.ampm_suffix[0], "am");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5512:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.clock_input.ampm_suffix[1], "pm");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5513:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.clock_output.ampm_suffix[1], "pm");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5755:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *pole[5] = {"south (CCW)", "south (CW)", "no", "north (CW)", "north (CCW)"};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5767:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
next = (open && row == last_point) ? 0 : row + 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:5870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:5957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buffer, message[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:6155:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi (&txt[i]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6343:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.r_mode, "rb");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6344:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.w_mode, "wb");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6345:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.a_mode, "ab+");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:6419:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%lf");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:6465:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (S->format, "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6477:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6479:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(mode) ? sprintf (fmt, "%%02d") : sprintf (fmt, "%%2d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6479:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(mode) ? sprintf (fmt, "%%02d") : sprintf (fmt, "%%2d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6483:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%1d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6502:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (S->format, "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6529:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6559:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:6560:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (S->x_format, "%%03d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6561:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (S->y_format, "%%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6565:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6572:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6614:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (S->x_format, "%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6615:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (S->y_format, "%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:6622:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[0][0], "%%d"); /* ddd */
data/gmt-6.1.1+dfsg/src/gmt_io.c:6626:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[0][1], "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6636:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[1][0], "%%d"); /* ddd */
data/gmt-6.1.1+dfsg/src/gmt_io.c:6637:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[1][1], "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6640:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6644:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (GMT->current.plot.format[1][0], "%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6648:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6653:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_colon]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6655:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_squote]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6662:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[2][0], "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6663:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.plot.format[2][1], "%%d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6666:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6670:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (GMT->current.plot.format[2][0], "%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6671:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (GMT->current.plot.format[2][1], "%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6675:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_colon]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6677:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_squote]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6681:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (GMT->current.plot.format[2][0], "%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6685:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%%02d");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6690:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_colon]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6692:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt, "%c", (int)GMT->current.setting.ps_encoding.code[gmt_dquote]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6702:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (GMT->current.plot.format[i][j], "%s");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6721:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calstring[GMT_LEN64] = {""}, clockstring[GMT_LEN64] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:7060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, *txt = NULL;
data/gmt-6.1.1+dfsg/src/gmt_io.c:7273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, txt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:7279:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "col1[0]");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xy[2][2] = {{"x", "y"}, {"lon", "lat"}};
data/gmt-6.1.1+dfsg/src/gmt_io.c:7567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char open_mode[4] = {""}, file[PATH_MAX] = {""}, line[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:7620:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7622:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<input stream>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7633:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7635:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (file, "<input file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7738:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:8595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_io.c:8681:86: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int gmt_load_aspatial_string (struct GMT_CTRL *GMT, struct GMT_OGR *G, uint64_t col, char out[GMT_BUFSIZ]) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:8742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:8810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_io.c:8891:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpo = fopen (newfile, "wb")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:8895:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpi = fopen (oldfile, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:8960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _path[PATH_MAX] = {""}, sep;
data/gmt-6.1.1+dfsg/src/gmt_io.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ampm_suffix[2][GMT_LEN8]; /* Holds the strings to append am or pm */
data/gmt-6.1.1+dfsg/src/gmt_io.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN64]; /* Actual C format used to output clock */
data/gmt-6.1.1+dfsg/src/gmt_io.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimiter[2][2]; /* Delimiter strings in clock, e.g. ":" */
data/gmt-6.1.1+dfsg/src/gmt_io.h:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN64]; /* Actual C format used to input/output date */
data/gmt-6.1.1+dfsg/src/gmt_io.h:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimiter[2][2]; /* Delimiter strings in date, e.g. "-" */
data/gmt-6.1.1+dfsg/src/gmt_io.h:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_format[GMT_LEN64]; /* Actual C format used to plot/output longitude */
data/gmt-6.1.1+dfsg/src/gmt_io.h:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y_format[GMT_LEN64]; /* Actual C format used to plot/output latitude */
data/gmt-6.1.1+dfsg/src/gmt_io.h:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimiter[2][2]; /* Delimiter strings in date, e.g. "-" */
data/gmt-6.1.1+dfsg/src/gmt_io.h:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_mode[4]; /* Current file opening mode for reading (r or rb) */
data/gmt-6.1.1+dfsg/src/gmt_io.h:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w_mode[4]; /* Current file opening mode for writing (w or wb) */
data/gmt-6.1.1+dfsg/src/gmt_io.h:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a_mode[4]; /* Current file append mode for writing (a+ or ab+) */
data/gmt-6.1.1+dfsg/src/gmt_io.h:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curr_text[GMT_BUFSIZ]; /* Current ASCII record as it was read */
data/gmt-6.1.1+dfsg/src/gmt_io.h:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curr_trailing_text[GMT_BUFSIZ]; /* Current text portion of current record (or NULL) */
data/gmt-6.1.1+dfsg/src/gmt_io.h:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segment_header[GMT_BUFSIZ]; /* Current ASCII segment header */
data/gmt-6.1.1+dfsg/src/gmt_io.h:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[2][PATH_MAX]; /* Current filenames (or <stdin>/<stdout>) */
data/gmt-6.1.1+dfsg/src/gmt_io.h:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[PATH_MAX]; /* Temporary file used to read - should be removed when closed */
data/gmt-6.1.1+dfsg/src/gmt_io.h:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col_set[2][GMT_MAX_COLUMNS]; /* Keeps track of which columns have had their type set */
data/gmt-6.1.1+dfsg/src/gmt_io.h:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *o_format[GMT_MAX_COLUMNS]; /* Custom output ASCII format to overrule format_float_out */
data/gmt-6.1.1+dfsg/src/gmt_io.h:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[2]; /* 2-char code describing row/col organization for grids */
data/gmt-6.1.1+dfsg/src/gmt_macros.h:126:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define gmt_M_memcpy(to,from,n,type) memcpy(to, from, (n)*sizeof(type))
data/gmt-6.1.1+dfsg/src/gmt_macros.h:131:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define gmt_M_cpy3v(to,from) memcpy(to, from, 3*sizeof(double))
data/gmt-6.1.1+dfsg/src/gmt_macros.h:164:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define gmt_M_rgb_copy(a,b) memcpy (a, b, 4 * sizeof(double))
data/gmt-6.1.1+dfsg/src/gmt_map.c:163:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GEOD_TEXT[3] = {"Vincenty", "Andoyer", "Rudoe"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:1454:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("input.d", "w");
data/gmt-6.1.1+dfsg/src/gmt_map.c:1491:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("output.d", "w");
data/gmt-6.1.1+dfsg/src/gmt_map.c:1615:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("crap.d", "a");
data/gmt-6.1.1+dfsg/src/gmt_map.c:1717:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("input.d", "w");
data/gmt-6.1.1+dfsg/src/gmt_map.c:1848:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("output.d", "w");
data/gmt-6.1.1+dfsg/src/gmt_map.c:1899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmt_map.c:1901:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (line, "w");
data/gmt-6.1.1+dfsg/src/gmt_map.c:3600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone[4] = {""};
data/gmt-6.1.1+dfsg/src/gmt_map.c:6254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type_name[3] = {"Map", "Contour", "Contour annotation"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:6255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux[6] = {"no", "authalic", "conformal", "meridional", "geocentric", "parametric"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:6256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rad[5] = {"mean (R_1)", "authalic (R_2)", "volumetric (R_3)", "meridional", "quadratic"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:6491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""}, *part = "EW";
data/gmt-6.1.1+dfsg/src/gmt_map.c:6566:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char units[6] = {'S', 'M', 'H', 'D', 'O', 'Y'};
data/gmt-6.1.1+dfsg/src/gmt_map.c:6635:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_clock_map, "hh:mm");
data/gmt-6.1.1+dfsg/src/gmt_map.c:6637:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (par, " --FORMAT_CLOCK_MAP=hh:mm");
data/gmt-6.1.1+dfsg/src/gmt_map.c:6641:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_date_map, "o dd");
data/gmt-6.1.1+dfsg/src/gmt_map.c:6643:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (par, " --FORMAT_DATE_MAP=\"o dd\"");
data/gmt-6.1.1+dfsg/src/gmt_map.c:6647:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_date_map, "o yyyy");
data/gmt-6.1.1+dfsg/src/gmt_map.c:6649:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (par, " --FORMAT_DATE_MAP=\"o yyyy\"");
data/gmt-6.1.1+dfsg/src/gmt_map.c:8160:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char z_int[4], z_int_bg[4];
data/gmt-6.1.1+dfsg/src/gmt_map.c:8793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ellipsoid[GMT_LEN256] = {""}, dr[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_map.c:9170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *def_args[2] = {"X15c", "Q15c"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:9489:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *kind[5] = {"Cartesian", "Flat Earth", "Great Circle", "Geodesic", "Loxodrome"};
data/gmt-6.1.1+dfsg/src/gmt_map.c:9667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_memory.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *m_unit[4] = {"bytes", "kb", "Mb", "Gb"};
data/gmt-6.1.1+dfsg/src/gmt_memory.c:134:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ID = atoi (env);
data/gmt-6.1.1+dfsg/src/gmt_memory.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[GMT_LEN32];
data/gmt-6.1.1+dfsg/src/gmt_memory.c:147:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((M->fp = fopen (logfile, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_memory.c:280:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *mode[3] = {"INI", "ADD", "SET"};
data/gmt-6.1.1+dfsg/src/gmt_memory.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unit[3] = {"kb", "Mb", "Gb"};
data/gmt-6.1.1+dfsg/src/gmt_memory.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unit[3] = {"kb", "Mb", "Gb"};
data/gmt-6.1.1+dfsg/src/gmt_modern.c:38:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strncmp (module, "histogram", 9U)) { strcpy (modname, "pshistogram"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:39:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "colorbar", 8U)) { strcpy (modname, "psscale"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:40:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "ternary", 7U)) { strcpy (modname, "psternary"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:41:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "contour", 7U)) { strcpy (modname, "pscontour"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:42:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "basemap", 7U)) { strcpy (modname, "psbasemap"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:43:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "events", 6U)) { strcpy (modname, "psevents"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:44:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "wiggle", 6U)) { strcpy (modname, "pswiggle"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:45:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "legend", 6U)) { strcpy (modname, "pslegend"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:46:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "plot3d", 6U)) { strcpy (modname, "psxyz"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:47:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "segyz", 5U)) { strcpy (modname, "pssegyz"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:48:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "solar", 5U)) { strcpy (modname, "pssolar"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:49:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "polar", 5U)) { strcpy (modname, "pspolar"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:50:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "image", 5U)) { strcpy (modname, "psimage"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:51:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "coupe", 5U)) { strcpy (modname, "pscoupe"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:52:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "coast", 5U)) { strcpy (modname, "pscoast"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:53:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "velo", 4U)) { strcpy (modname, "psvelo"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:54:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "segy", 4U)) { strcpy (modname, "pssegy"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:55:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "text", 4U)) { strcpy (modname, "pstext"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:56:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "plot", 4U)) { strcpy (modname, "psxy"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:57:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "meca", 4U)) { strcpy (modname, "psmeca"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:58:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "rose", 4U)) { strcpy (modname, "psrose"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:59:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "mask", 4U)) { strcpy (modname, "psmask"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:60:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "clip", 4U)) { strcpy (modname, "psclip"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_modern.c:61:52: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if (!strncmp (module, "sac", 3U)) { strcpy (modname, "pssac"); return module; }
data/gmt-6.1.1+dfsg/src/gmt_nc.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *regtype[2] = {"gridline", "pixel"};
data/gmt-6.1.1+dfsg/src/gmt_nc.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (start, HH->t_index, 3 * sizeof(size_t)); /* set lower dimensions first (e.g. layer) */
data/gmt-6.1.1+dfsg/src/gmt_nc.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_GRID_UNIT_LEN80], units[GMT_GRID_UNIT_LEN80];
data/gmt-6.1.1+dfsg/src/gmt_nc.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_GRID_UNIT_LEN80], units[GMT_GRID_UNIT_LEN80];
data/gmt-6.1.1+dfsg/src/gmt_nc.c:399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimname[GMT_GRID_UNIT_LEN80], coord[GMT_LEN8];
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1053:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, grid + (nm + n_cols_t - n_shift_abs) * cell_size, n_shift_abs * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1059:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + nm * cell_size, tmp, n_shift_abs * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1066:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, grid + nm * cell_size, n_shift_abs * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1072:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + (nm + n_cols_t - n_shift_abs) * cell_size, tmp, n_shift_abs * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + (nm + cell) * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + (nm + n_cols_t - cell - 1) * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + (nm + cell) * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + (nm + n_cols_t - cell - 1) * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + nm * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (grid + nm * cell_size,
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1219:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (to, from, n_cols_t * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1267:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (to, from, n_cols_t * cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1285:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (last, first, cell_size);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[GMT_GRID_VARNAME_LEN80];
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[GMT_GRID_VARNAME_LEN80], dimname[GMT_GRID_UNIT_LEN80], z_units[GMT_GRID_UNIT_LEN80];
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_parse.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_unique_option[GMT_N_UNIQUE] = { /* The common GMT command-line options [ just the subset that accepts arguments (e.g., -O is not listed) ] */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3] = {""}, B_string[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""}, B_delim[2] = {30, 0}; /* Use ASCII 30 RS Record Separator between -B strings */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_parse.c:283:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_parse.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_parse.c:446:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (t, "=gd");
data/gmt-6.1.1+dfsg/src/gmt_parse.c:531:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN1024] = {""}, *txt_in = strdup (in); /* Passed a single text string */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char figure[GMT_LEN512] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_parse.c:939:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_parse.c:1027:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[2] = {0, 0}, critical_opt_order[] = GMT_CRITICAL_OPT_ORDER;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:95:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char GMT_glyph[2520] = {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:380:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (name, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:389:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (name, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:422:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (name, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:431:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (name, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:1562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *plane_name[2] = {"y-z", "x-z"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""}, format[GMT_LEN64] = {""}, **label_c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2433:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN512] = {""}, text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstring[GMT_LEN1024] = {""}, not_used[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN16], *type[2] = {"inner", "outer"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstring[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3055:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arg[2];
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3392:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3451:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS-84");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3453:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS-72");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3455:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS-66");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3457:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS-60");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3459:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Airy");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3461:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Airy-Ireland");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3463:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Andrae");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3465:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "APL4.9");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3467:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Australian");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3469:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Bessel");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3471:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Bessel-Namibia");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3473:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Clarke-1866");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3475:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Clarke-1880");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "CPM");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3479:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Delambre");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3481:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Engelis");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3483:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Everest-1830");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Everest-1830-Kertau");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3487:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Everest-1830-Kalianpur");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3489:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Everest-1830-Timbalai");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3491:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Fischer-1960");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3493:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Fischer-1960-SouthAsia");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3495:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Fischer-1968");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3497:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "GRS-80");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3499:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "GRS-67");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3501:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Helmert-1906");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3503:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Hough");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3505:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Hayford-1909");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3507:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "International-1967");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3509:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "MERIT-83");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3511:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Krassovsky");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3513:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Kaula");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3515:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "NWL9D");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3517:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "IAG-75");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3519:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Lerch");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3521:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Maupertius");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Modified-Fischer-1960");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3525:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "SGS-85");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3527:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Plessis");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3529:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Walbeck");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3531:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "Sphere");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3533:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "FlatEarth");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3542:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS84");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3544:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS72");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3546:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS66");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3548:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "WGS60");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3550:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "airy");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3552:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "mod_airy");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3554:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "andrae");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3556:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "APL4.9");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3558:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "aust_SA");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3560:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "bessel");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3562:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "bess_nam");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3564:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "clark66");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3566:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "clark80");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3568:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "CPM");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3570:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "delmbr");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3572:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "engelis");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3574:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "evrst30");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3576:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "evrst48");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3578:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "evrst56");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3580:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "evrstSS");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3582:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "fschr60");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3584:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "fschr60m");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3586:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "fschr68");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3588:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "GRS80");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3590:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "GRS67");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3592:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "helmert");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3594:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "hough");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3596:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "intl");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3598:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "new_intl");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3600:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "MERIT");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3602:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "krass");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3604:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "kaula");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3606:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "NWL9D");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3608:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "IAU76");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3610:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "lerch");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3612:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "mprts");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3614:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "SEasia");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3616:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "SGS85");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3618:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "plessis");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3620:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "walbeck");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3622:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "sphere");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3624:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "sphere");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3626:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "unnamed");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3632:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (file, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3886:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("shit.txt", "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:4792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""}; /* Annotation string */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:4793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256] = {""}; /* format used for non-time annotations */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:4794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *axis_chr[3] = {"ns", "ew", "zz"}; /* Characters corresponding to axes */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5416:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *kind[3] = {"annotation", "tick", "grid-line"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5417:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *axis[2][3] = { {"x", "y", "z"}, {"longitude", "latitude", "z"}};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5748:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5759:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (B->file, "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5804:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""}, format[GMT_LEN64] = {""}, *this_label = NULL;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *label[GMT_N_UNITS] = {"m", "km", "miles", "nautical miles", "inch", "cm", "pt", "feet", "survey feet"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *units[GMT_N_UNITS] = {"m", "km", "mi", "nm", "in", "cm", "pt", "ft", "usft"}, measure;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5995:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xname[2] = {"x", "lon"}, *yname[2] = {"y", "lat"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_J[GMT_LEN256] = {""}, szProj4[GMT_LEN256] = {""}, prjcode[16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[GMT_LEN256] = {""}, scale_c[GMT_LEN32] = {""}, *pch = NULL, *pStrOut = NULL;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6651:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon_0[32] = {""}, lat_0[32] = {""}, lat_1[32] = {""}, lat_2[32] = {""}, lat_ts[32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6660:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
GMT->current.ps.active ? sprintf(scale_c, "14c") : sprintf(scale_c, "1:1");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6660:54: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
GMT->current.ps.active ? sprintf(scale_c, "14c") : sprintf(scale_c, "1:1");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6680:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
EPSGID = atoi(&szProj4[1]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6682:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
EPSGID = atoi(szProj4);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6701:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (buffer, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6709:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (EPSGID == atoi(buffer)) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6766:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon_1[32] = {""}, lon_2[32] = {""}, lonc[32] = {""}, alpha[32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6767:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (opt_J, "OC");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6806:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zone = atoi(&token[5]);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6829:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[4];
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6830:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "%d/", zone);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6840:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat (opt_J, "Poly/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6899:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!lat_0[0]) strcat(lat_0, "90"); /* ptoj4 says lat_0 = 90 but what if in southerm hemisphere? */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6904:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!strcmp(prjcode, "stere")) strcat(opt_J, "75/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6917:40: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (!strcmp(prjcode, "eck4")) strcat (opt_J, "Kf");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6918:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat (opt_J, "Ks");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6937:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ename[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6982:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6989:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, " +towgs84=-199.87,74.79,246.62");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6995:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, " +towgs84=598.1,73.7,418.2,0.202,0.045,-2.455,6.7");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *txt, t[128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szProj4[GMT_LEN512], proj4_ename[GMT_LEN16];
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7141:45: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (GMT->current.proj.utm_hemisphere < 0) strcat (szProj4, " +south");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7175:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7206:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7217:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7220:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7229:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+unavailable");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7256:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+proj=latlong");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7258:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szProj4, "+xy"); /* Probably useless as an info, but put there something */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN256] = {""}, region[GMT_LEN64] = {""}, unit[4] = {""}, axis = 0;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7532:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (region, "-R0/100/0/1"); /* Always 0-100 % */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7533:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (unit, "+u%");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mode[2] = {"w","a"}, *movie_item_arg[2][GMT_LEN32], not_used[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7570:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ps_mode[2] = {"classic", "modern"}, *F_name[2] = {"label", "prog_indicator"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *verb[2] = {"Create", "Append to"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7636:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, record[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7640:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!access (file, R_OK) && (fpl = fopen (file, "r"))) { /* File exists and could be opened for reading */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7778:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (proj4name, "latlong");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[4] = {' ', '-', 'X', 0}, not_used[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7892:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FF[GMT_LEN64] = {""}, PP[GMT_LEN64] = {""}, font[GMT_LEN64] = {""}, label[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind, F1[GMT_LEN64] = {""}, F2[GMT_LEN64] = {""}, P1[GMT_LEN64] = {""}, P2[GMT_LEN64] = {""}, font[GMT_LEN64] = {""}, label[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, buffer[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8077:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8105:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8172:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "a")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8314:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("shit.txt", "w");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[2] = {"Perimeter", "Polar cap perimeter"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *use[2] = {"fill only", "fill and outline"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:8341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9112:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (source, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_file[PATH_MAX] = {""}, buffer[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9204:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (ps_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9215:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9217:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<input stream>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9234:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9236:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<input file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg1[2] = {"Writing", "Appending"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9290:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg2[2] = {"create", "append to"};
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9293:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (&ps_file[append], (append) ? "a" : "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9303:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9305:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9315:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9317:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ps_file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_plot.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256]; /* Character code to plot (could be octal) */
data/gmt-6.1.1+dfsg/src/gmt_private.h:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[4096]; /* The cached last error message */
data/gmt-6.1.1+dfsg/src/gmt_proj.c:592:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *U[2] = {"m", "km"};
data/gmt-6.1.1+dfsg/src/gmt_proj.c:1738:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("g_border.txt", "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_project.h:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit_name[GMT_N_UNITS][GMT_LEN16]; /* Names of the various distance units */
data/gmt-6.1.1+dfsg/src/gmt_project.h:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256]; /* Label of the axis */
data/gmt-6.1.1+dfsg/src/gmt_project.h:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secondary_label[GMT_LEN256]; /* Optionally use this label when axis is right or top */
data/gmt-6.1.1+dfsg/src/gmt_project.h:498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[GMT_LEN64]; /* Axis unit appended to annotations */
data/gmt-6.1.1+dfsg/src/gmt_project.h:499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[GMT_LEN64]; /* Axis prefix starting all annotations */
data/gmt-6.1.1+dfsg/src/gmt_project.h:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN256]; /* Plot title */
data/gmt-6.1.1+dfsg/src/gmt_prototypes.h:346:97: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_MSC int gmt_load_aspatial_string (struct GMT_CTRL *GMT, struct GMT_OGR *G, uint64_t col, char out[GMT_BUFSIZ]);
data/gmt-6.1.1+dfsg/src/gmt_prototypes.h:451:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_MSC struct GMT_DATASET * gmt_make_profiles (struct GMT_CTRL *GMT, char option, char *args, bool resample, bool project, bool get_distances, double step, enum GMT_enum_track mode, double xyz[2][3], unsigned int *dtype);
data/gmt-6.1.1+dfsg/src/gmt_prototypes.h:451:87: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_MSC struct GMT_DATASET * gmt_make_profiles (struct GMT_CTRL *GMT, char option, char *args, bool resample, bool project, bool get_distances, double step, enum GMT_enum_track mode, double xyz[2][3], unsigned int *dtype);
data/gmt-6.1.1+dfsg/src/gmt_psl.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_logo_label[GMT_LEN256]; /* Label added to GMT time stamp generated by -U */
data/gmt-6.1.1+dfsg/src/gmt_psl.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[GMT_LEN256]; /* Title of this plot */
data/gmt-6.1.1+dfsg/src/gmt_psl.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memname[GMT_VF_LEN]; /* Memory object ID */
data/gmt-6.1.1+dfsg/src/gmt_psl.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[GMT_LEN256]; /* Filename for hidden PS file */
data/gmt-6.1.1+dfsg/src/gmt_psl.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[2]; /* Defines the origin of the map offset ('r', 'a', 'c', or 'f') */
data/gmt-6.1.1+dfsg/src/gmt_regexp.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[MAX_ERR_LENGTH];
data/gmt-6.1.1+dfsg/src/gmt_remote.c:129:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->fp = fopen (out->filename, "wb");
data/gmt-6.1.1+dfsg/src/gmt_remote.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del_cmd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:170:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (del_cmd, "rmdir /s /q ");
data/gmt-6.1.1+dfsg/src/gmt_remote.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit, line[GMT_LEN512] = {""}, file[PATH_MAX] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_remote.c:198:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:209:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*n = atoi (line); /* Number of non-commented records to follow */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newfile[GMT_LEN256] = {""}, reg[2] = {'p', 'g'}, *file = NULL, *infile = NULL, *ext = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_remote.c:472:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Lfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:575:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((P->fp = fopen (P->file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:671:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) return NULL;
data/gmt-6.1.1+dfsg/src/gmt_remote.c:676:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*n = atoi (line); /* Number of records to follow */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexpath[PATH_MAX] = {""}, old_indexpath[PATH_MAX] = {""}, new_indexpath[PATH_MAX] = {""}, url[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverdir[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:763:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (new_indexpath, ".new"); /* Append .new to the copied path */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:765:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (old_indexpath, ".old"); /* Append .old to the copied path */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_name[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN512] = {""}, *ncfile = NULL;
data/gmt-6.1.1+dfsg/src/gmt_remote.c:900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:901:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "+s%g+o%g", API->remote_info[k_data].scale, API->remote_info[k_data].offset);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:903:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, " -Z+s%g+o%g", API->remote_info[k_data].scale, -API->remote_info[k_data].offset / API->remote_info[k_data].scale);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_path[PATH_MAX] = {""}, local_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1301:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1302:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmpfile, "@earth_relief_0%cs_g", file[14]);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1302:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf (tmpfile, "@earth_relief_0%cs_g", file[14]);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1303:45: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((k_data = gmt_remote_dataset_id (API, tmpfile)) == GMT_NOTSET) return GMT_NOTSET; /* Not a recognized remote dataset */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1341:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file = (char *)((infile[0] == '@') ? &infile[1] : infile); /* Now, file starts at N|S */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1358:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tag, "earth_relief_0%cs_g", p[7]); /* 7th char in p is the 1|3 resolution character */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coverage_file[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tile_list[PATH_MAX] = {""}, *file = NULL, **tile = NULL, datatype[3] = {'L', 'O', 'X'}, regtype[2] = {'G', 'P'};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1475:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1495:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1501:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp (tile_list)) == -1) {
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grid[GMT_VF_LEN] = {""}, cmd[GMT_LEN256] = {""}, code = 0;;
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1568:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (code != 'X') strcat (cmd, " -N0"); /* If ocean/land, set empty nodes to 0, else NaN */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[GMT_LEN64]; /* Directory of file. Here, / (root) means /export/gmtserver/gmt/data */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[GMT_LEN64]; /* Full file (or tile directory) name. E.g., earth_relief_20m_g.grd or earth_relief_01m_g/ */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[GMT_LEN8]; /* Data file extension. E.g., .grd, *tif, etc. */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inc[GMT_LEN8]; /* Grid spacing in text format. E.g., 30m */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[GMT_LEN8]; /* Total file/tile set size in text format. E.g., 300M */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[GMT_LEN16]; /* Creation date in yyyy-mm-dd (e.g., 2020-06-01) */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[GMT_LEN64]; /* Tag for tiling. E.g., earth_relief_01m_g, SRTMGL3 */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coverage[GMT_LEN64]; /* File with tile coverage. E.g., srtm_tiles.nc or - for none */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[GMT_LEN64]; /* File with background filler. E.g., earth_relief_tiles_15s.grd or - for none */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPT[GMT_LEN64]; /* Name of default master CPT. E.g., geo or - for none */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remark[GMT_LEN256]; /* Attribution and information about this data set */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64]; /* File name (no leading directory) */
data/gmt-6.1.1+dfsg/src/gmt_remote.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[GMT_LEN128]; /* The file hash */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_units[GMT_GRID_UNIT_LEN80]; /* units in x-direction */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y_units[GMT_GRID_UNIT_LEN80]; /* units in y-direction */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z_units[GMT_GRID_UNIT_LEN80]; /* grid value units */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[GMT_GRID_TITLE_LEN80]; /* name of data set */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[GMT_GRID_COMMAND_LEN320]; /* name of generating command */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remark[GMT_GRID_REMARK_LEN160]; /* comments re this data set */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_layout[4]; /* Three or Four char codes T|B R|C S|R|S (grd) or B|L|P + A|a (img) describing array layout in mem and interleaving */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[GMT_GRID_COMMAND_LEN320]; /* name of generating command */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remark[GMT_GRID_REMARK_LEN160]; /* comments re this data set */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[GMT_GRID_COMMAND_LEN320]; /* name of generating command */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remark[GMT_GRID_REMARK_LEN160]; /* comments re this data set */
data/gmt-6.1.1+dfsg/src/gmt_resources.h:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_VF_LEN]; /* Virtual file name for resource */
data/gmt-6.1.1+dfsg/src/gmt_sharedlibs.c:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errstr[GMT_LEN128];
data/gmt-6.1.1+dfsg/src/gmt_shore.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_shore.c:290:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, "r")) == NULL) { /* but Coverity still complains if we don't test if it's NULL */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stem[GMT_LEN64] = {""}, path[PATH_MAX] = {""}, *res = "clihf", *kind[3] = {"GSHHS", "river", "border"};
data/gmt-6.1.1+dfsg/src/gmt_shore.c:428:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
I->fraction = irint (1e6 * 0.01 * atoi (&p[2])); /* Convert percent to integer microfraction */
data/gmt-6.1.1+dfsg/src/gmt_shore.c:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stem[GMT_LEN64] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_shore.c:955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stem[GMT_LEN64] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_shore.c:1361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shore_resolution[5] = {"full", "high", "intermediate", "low", "crude"};
data/gmt-6.1.1+dfsg/src/gmt_shore.h:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char node_level[4];
data/gmt-6.1.1+dfsg/src/gmt_shore.h:96:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char node_level_g[4]; /* Levels if gronding line Antarctica is used */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[80]; /* Units of lon/lat */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[80]; /* Title of data set */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[80]; /* Source of data set */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[GMT_LEN8]; /* Version of data set */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[80]; /* Units of lon/lat */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[80]; /* Title of data set */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[80]; /* Source of data set */
data/gmt-6.1.1+dfsg/src/gmt_shore.h:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[GMT_LEN8]; /* Version of data set */
data/gmt-6.1.1+dfsg/src/gmt_sph.c:408:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *way[2] = {"CCW", "CW"};
data/gmt-6.1.1+dfsg/src/gmt_stat.c:2755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux[6] = {"geodetic", "authalic", "conformal", "meridional", "geocentric", "parametric"};
data/gmt-6.1.1+dfsg/src/gmt_stat.c:2756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rad[5] = {"mean (R_1)", "authalic (R_2)", "volumetric (R_3)", "meridional", "quadratic"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_just_code[12] = {"--", "LB", "CB", "RB", "--", "LM", "CM", "RM", "--", "LT", "CT", "RT"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:144:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gmt_M_color_rgb[GMT_N_COLOR_NAMES][3] = { /* r/g/b of X11 colors */
data/gmt-6.1.1+dfsg/src/gmt_support.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/gmt-6.1.1+dfsg/src/gmt_support.c:164:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *GMT_CPT_master[GMT_N_CPT_MASTERS] = {
data/gmt-6.1.1+dfsg/src/gmt_support.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:213:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill->dpi = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:229:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill->pattern_no = atoi (fill->pattern);
data/gmt-6.1.1+dfsg/src/gmt_support.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f, word[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:311:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill->pattern_no = atoi (fill->pattern);
data/gmt-6.1.1+dfsg/src/gmt_support.c:774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN64] = {""}, *t = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:878:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((n = atoi (&word[1])) > 0 && n < PSL_N_PATTERNS) return (true); /* Got a valid integer */
data/gmt-6.1.1+dfsg/src/gmt_support.c:945:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi (name));
data/gmt-6.1.1+dfsg/src/gmt_support.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Lname[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:1009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_PEN_LEN] = {""}, string[GMT_BUFSIZ] = {""}, ptr[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:1017:38: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strncmp (line, "dashdot", 7U)) strcpy (line, "-."); /* Accept "dashdot*" to mean -. */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1018:38: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strncmp (line, "dotdash", 7U)) strcpy (line, ".-"); /* Accept "dotdash*" to mean .- */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1129:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (word, ":0");
data/gmt-6.1.1+dfsg/src/gmt_support.c:1351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:2602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:2707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_label[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:3493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4200:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (panel_txt, "+g");
data/gmt-6.1.1+dfsg/src/gmt_support.c:4205:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (panel_txt, "+p");
data/gmt-6.1.1+dfsg/src/gmt_support.c:4214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[2] = {0, 0};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4219:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (text, "+w"); /* Append width modifier */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4230:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (text, "+jCM"); /* Append justification */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_cpy[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_sx[GMT_LEN256] = {""}, txt_sy[GMT_LEN256] = {""}, txt_len[GMT_LEN256] = {""}, string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ], oldshit[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstring[GMT_LEN256] = {""}, string[GMT_LEN256] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4774:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->var[column] = atoi (&txt[1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4780:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->var[column] = atoi (&txt[2]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_BUFSIZ] = {""}, path[PATH_MAX] = {""}, buffer[GMT_BUFSIZ] = {""}, col[8][GMT_LEN64], OP[GMT_LEN8] = {""}, right[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4850:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[3][GMT_LEN64] = {"", "", ""}, *fill_p = NULL, *pen_p = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:4851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *BB_string[2] = {"%%HiResBoundingBox:", "%%BoundingBox:"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4865:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:4880:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1[GMT_VF_LEN] = {""}, c2[GMT_VF_LEN] = {""}, c3[GMT_VF_LEN] = {""}, c4[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4897:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:4954:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->var[k] = atoi (&arg[k][1]); /* Get the variable number $<varno> */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5103:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->var[0] = atoi (&c[2]) + 1; /* We add the 1 here so 0-(n-1) becomes 1-n */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5113:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:5200:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->var_pen = atoi (&pen_p[1]); /* Remember variable column number */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, ID[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:5416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, ID[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:5489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, seg_name[GMT_BUFSIZ] = {""}, ID[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:5598:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:5640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, seg_name[GMT_BUFSIZ] = {""}, ID[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:6359:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char irgb[3];
data/gmt-6.1.1+dfsg/src/gmt_support.c:6379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Lname[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:6392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN64] = {""}, *t = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, color[GMT_LEN256] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6524:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[GMT_LEN256] = {""}, name[GMT_LEN256] = {""}, fill[GMT_LEN256] = {""}, line[GMT_BUFSIZ] = {""}, *s = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6626:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_support.c:6663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char width[GMT_LEN256] = {""}, color[GMT_LEN256] = {""}, style[GMT_LEN256] = {""}, line[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mods[GMT_LEN256] = {""}, v_args[2][GMT_LEN256] = {"",""}, p[GMT_LEN64] = {""}, T[2][GMT_LEN64] = {"",""}, *t = NULL, *t2 = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6844:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_support.c:6923:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_support.c:7024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[2];
data/gmt-6.1.1+dfsg/src/gmt_support.c:7067:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char T0[GMT_LEN64] = {""}, T1[GMT_LEN64] = {""}, T2[GMT_LEN64] = {""}, T3[GMT_LEN64] = {""}, T4[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char T5[GMT_LEN64] = {""}, T6[GMT_LEN64] = {""}, T7[GMT_LEN64] = {""}, T8[GMT_LEN64] = {""}, T9[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, clo[GMT_LEN64] = {""}, chi[GMT_LEN64] = {""}, c, cpt_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7458:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (cpt_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:7470:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:7472:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<input stream>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:7484:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<stdin>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:7486:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<input file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:7669:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7965:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char panel[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:7993:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:8007:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, panel[GMT_LEN16] = {""}, *file = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:8613:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, cpt_file[PATH_MAX] = {""}, code[3] = {'B', 'F', 'N'};
data/gmt-6.1.1+dfsg/src/gmt_support.c:8614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lo[GMT_LEN64] = {""}, hi[GMT_LEN64] = {""}, kind[3] = {'L', 'U', 'B'};
data/gmt-6.1.1+dfsg/src/gmt_support.c:8615:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg1[2] = {"Writing", "Appending"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:8626:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *msg2[2] = {"create", "append to"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:8633:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (&cpt_file[append], (append) ? "a" : "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:8643:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:8645:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<output stream>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:8657:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<stdout>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:8659:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cpt_file, "<output file descriptor>");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9323:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->line_name, "Contour");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9327:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->line_name, "Line");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:9493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:9494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:9518:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[2] = {0, 0};
data/gmt-6.1.1+dfsg/src/gmt_support.c:9557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, c;
data/gmt-6.1.1+dfsg/src/gmt_support.c:9734:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
G->half_width = atoi (&p[1]) / 2;
data/gmt-6.1.1+dfsg/src/gmt_support.c:9773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, c, arg, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:9879:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->line_name, "Contour");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9883:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->line_name, "Line");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:9967:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
G->half_width = atoi (&p[1]) / 2;
data/gmt-6.1.1+dfsg/src/gmt_support.c:10007:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, c, arg;
data/gmt-6.1.1+dfsg/src/gmt_support.c:10197:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct GMT_DATASET *gmt_make_profiles (struct GMT_CTRL *GMT, char option, char *args, bool resample, bool project, bool get_distances, double step, enum GMT_enum_track mode, double xyz[2][3], unsigned int *dtype) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:10197:75: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct GMT_DATASET *gmt_make_profiles (struct GMT_CTRL *GMT, char option, char *args, bool resample, bool project, bool get_distances, double step, enum GMT_enum_track mode, double xyz[2][3], unsigned int *dtype) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:10212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:10213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modifiers[GMT_BUFSIZ] = {""}, p2[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:10261:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': np = atoi (&p2[1]); p_mode |= GMT_GOT_NP; break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:10859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_support.c:10869:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "clip contour");
data/gmt-6.1.1+dfsg/src/gmt_support.c:10889:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kind[2] = {'O', 'C'};
data/gmt-6.1.1+dfsg/src/gmt_support.c:10890:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/gmt-6.1.1+dfsg/src/gmt_support.c:10973:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:10987:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (string, "@~p@~"); /* Place the pi symbol */
data/gmt-6.1.1+dfsg/src/gmt_support.c:11104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmt_support.c:11117:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ndec -= atoi (&text[++j]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11143:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "%%.%df", ndec);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11148:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (j > -1) ndec = atoi (&GMT->current.setting.format_float_map[j+1]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *method[2] = {"Cartesian", "spherical"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:11543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[5] = {"not set", "natural", "periodic", "geographic", "extended data"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:11683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[5] = {"not set", "natural", "periodic", "geographic", "extended data"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:11684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *edge[4] = {"left ", "right ", "bottom", "top "};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[5] = {"not set", "natural", "periodic", "geographic", "extended data"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *edge[4] = {"left ", "right ", "bottom", "top "};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12666:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_BUFSIZ] = {""}, text[GMT_BUFSIZ] = {""}, oldshit[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12683:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *q[2] = {NULL, NULL};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12828:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:12999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:13074:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ms->kind = (string[0]) ? atoi (string) : 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:13154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[2] = {"coordinates", "dimensions"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:13174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:13529:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(key);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[GMT_LEN256] = {""}, buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:13672:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (list, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:14539:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld", lrint (d_log10 (GMT, coord)));
data/gmt-6.1.1+dfsg/src/gmt_support.c:14545:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "10@+%ld@+", lrint (d_log10 (GMT, coord)));
data/gmt-6.1.1+dfsg/src/gmt_support.c:14644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hemi[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:14878:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, name[GMT_LEN64] = {""}, item[GMT_LEN64] = {""}, args[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:14884:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (line, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:15352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_BUFSIZ] = {""}, *txt = NULL, *feature = "Line";
data/gmt-6.1.1+dfsg/src/gmt_support.c:15415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN256] = {""}, *U = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:15588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, **list = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:15607:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atol (p);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_x[GMT_LEN256] = {""}, txt_y[GMT_LEN256] = {""}, the_rest[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16277:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mem_report[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[3][GMT_LEN32] = {{""}, {""}, {""}}, *m = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:16512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16546:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16908:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX] = {""}, line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:16929:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " 2> NUL");
data/gmt-6.1.1+dfsg/src/gmt_support.c:16931:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " 2> /dev/null");
data/gmt-6.1.1+dfsg/src/gmt_support.c:16975:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64] = {""}, txt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17048:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char opts[GMT_BUFSIZ] = {""}, string[4] = {" - "};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFSIZ] = {""}, argument[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17102:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (C[k], "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:17256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[2] = {'\t', 0}; /* The tab character in a string */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17348:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[GMT_LEN128] = {""}; /* So max length of variable name is 127 */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17370:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *layer[3] = {"background", "foreground", "title"};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, record[GMT_LEN256] = {""}, *p = NULL, *prev = NULL, *start = NULL;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17426:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char var_token[4] = "$$%";
data/gmt-6.1.1+dfsg/src/gmt_support.c:17480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_support.c:17495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmt_symbol.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64]; /* Name of this symbol (i.e., just the <name> in [<dir>/]<name>.def) */
data/gmt-6.1.1+dfsg/src/gmt_symbol.h:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN128]; /* Alternative user-specified label */
data/gmt-6.1.1+dfsg/src/gmt_symbol.h:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4][GMT_LEN64]; /* User-changable labels for W, E, S, N point */
data/gmt-6.1.1+dfsg/src/gmt_symbol.h:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlabel[GMT_LEN256]; /* Magnetic declination label */
data/gmt-6.1.1+dfsg/src/gmt_texture.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char style[GMT_PEN_LEN]; /* Uses points as unit internally */
data/gmt-6.1.1+dfsg/src/gmt_texture.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[PATH_MAX]; /* Full filename of user-defined raster pattern */
data/gmt-6.1.1+dfsg/src/gmt_texture.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN32]; /* Name of the font */
data/gmt-6.1.1+dfsg/src/gmt_time.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char epoch[GMT_LEN64]; /* User-defined epoch for time */
data/gmt-6.1.1+dfsg/src/gmt_types.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *txt[2]; /* Low and high label [-+] */
data/gmt-6.1.1+dfsg/src/gmt_types.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_option[31]; /* Name of corresponding long option */
data/gmt-6.1.1+dfsg/src/gmt_types.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_directives[32]; /* Single character directives, comma-separated */
data/gmt-6.1.1+dfsg/src/gmt_types.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_directives[256]; /* Long name directives, comma-separated */
data/gmt-6.1.1+dfsg/src/gmt_types.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_modifiers[32]; /* Single character modifiers, comma-separated */
data/gmt-6.1.1+dfsg/src/gmt_types.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_modifiers[256]; /* Long name modifiers, comma-separated */
data/gmt-6.1.1+dfsg/src/gmt_types.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[GMT_LEN256]; /* File prefix (no extension) */
data/gmt-6.1.1+dfsg/src/gmt_types.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formats[GMT_LEN64]; /* List of comma-separated extensions(formats) */
data/gmt-6.1.1+dfsg/src/gmt_types.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[GMT_LEN256]; /* Optional arguments to psconvert (e.g., -A, -E, ...) */
data/gmt-6.1.1+dfsg/src/gmt_types.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refpoint[3]; /* Reference point for panel tag */
data/gmt-6.1.1+dfsg/src/gmt_types.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char justify[3]; /* Justification relative to refpoint */
data/gmt-6.1.1+dfsg/src/gmt_types.h:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[GMT_LEN128]; /* Panel tag, e.g., a) */
data/gmt-6.1.1+dfsg/src/gmt_types.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN64]; /* Panel fill color */
data/gmt-6.1.1+dfsg/src/gmt_types.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64]; /* Panel tag pen outline */
data/gmt-6.1.1+dfsg/src/gmt_types.h:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Baxes[GMT_LEN128]; /* The -B setting for selected axes, including +color, tec */
data/gmt-6.1.1+dfsg/src/gmt_types.h:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Btitle[GMT_LEN128]; /* The -B setting for any title */
data/gmt-6.1.1+dfsg/src/gmt_types.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bxlabel[GMT_LEN128]; /* The -Bx setting for x labels */
data/gmt-6.1.1+dfsg/src/gmt_types.h:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bylabel[GMT_LEN128]; /* The -By setting for x labels */
data/gmt-6.1.1+dfsg/src/gmt_types.h:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bxannot[GMT_LEN32]; /* The -Bx setting for annotations */
data/gmt-6.1.1+dfsg/src/gmt_types.h:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Byannot[GMT_LEN32]; /* The -By setting for annotations */
data/gmt-6.1.1+dfsg/src/gmt_types.h:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month_name[4][12][GMT_LEN16]; /* Full, short, 1-char, and short (upper case) month names */
data/gmt-6.1.1+dfsg/src/gmt_types.h:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day_name[3][7][GMT_LEN16]; /* Full, short, and 1-char weekday names */
data/gmt-6.1.1+dfsg/src/gmt_types.h:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char week_name[3][GMT_LEN16]; /* Full, short, and 1-char versions of the word Week */
data/gmt-6.1.1+dfsg/src/gmt_types.h:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cardinal_name[3][4][GMT_LEN16]; /* Full, and abbreviated (map annot., direction) versions of compass directions */
data/gmt-6.1.1+dfsg/src/gmt_types.h:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *history[GMT_N_UNIQUE]; /* The internal gmt.history information */
data/gmt-6.1.1+dfsg/src/gmt_types.h:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[3][2][GMT_LEN256]; /* Keeps the 6 formats for dd:mm:ss plot output */
data/gmt-6.1.1+dfsg/src/gmt_types.h:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit_name[4][GMT_LEN8]; /* Full name of the 4 units cm, inch, m, pt */
data/gmt-6.1.1+dfsg/src/gmt_types.h:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *grdformat[GMT_N_GRD_FORMATS]; /* Type and description of grid format */
data/gmt-6.1.1+dfsg/src/gmt_vector.c:39:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oa, a+n*n1, sizeof(double)*n);
data/gmt-6.1.1+dfsg/src/gmt_vector.c:40:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a+n*n1, a+n*n2, sizeof(double)*n);
data/gmt-6.1.1+dfsg/src/gmt_vector.c:41:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a+n*n2, oa, sizeof(double)*n);
data/gmt-6.1.1+dfsg/src/gmt_vector.c:1242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tr[2] = {'t', '\0'}; /* If B is a vector we must switch to n */
data/gmt-6.1.1+dfsg/src/gmtconnect.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN64] = {""}, B[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmtconnect.c:337:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status[2] = {'C', 'O'};
data/gmt-6.1.1+dfsg/src/gmtconnect.c:602:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg, "Pair %d - %d, dd[i][j] = %g, %g, %g, %g\n", (int)iseg, (int)jseg, dd[0][0], dd[0][1], dd[1][0], dd[1][1]);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:629:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg, "Seg %d dist[0], next_dist[0], dist[1], next_dist[1] = %g, %g, %g, %g\n", (int)iseg, segment[iseg].nearest[0].dist, segment[iseg].nearest[0].next_dist, segment[iseg].nearest[1].dist, segment[iseg].nearest[1].next_dist);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_BUFSIZ] = {""}, name0[GMT_BUFSIZ] = {""}, name1[GMT_BUFSIZ] = {""}, fmt[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmtconnect.c:753:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, text, len); /* Prepend to buffer */
data/gmt-6.1.1+dfsg/src/gmtconnect.c:780:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Single open segment not enlarged by connection");
data/gmt-6.1.1+dfsg/src/gmtconnect.c:784:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Composite segment made from %" PRIu64 " line segments", n_steps_pass_1);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmtconvert.c:228:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((value = atol (&p[1])) < 0)
data/gmt-6.1.1+dfsg/src/gmtconvert.c:234:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((value = atol (&p[1])) < 0)
data/gmt-6.1.1+dfsg/src/gmtconvert.c:267:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->E.mode = atoi (&opt->arg[1]); break;
data/gmt-6.1.1+dfsg/src/gmtconvert.c:312:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atol (opt->arg);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:344:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Z.last = atol (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:347:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Z.first = atol (opt->arg);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:348:40: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Z.last = (c[1]) ? (int64_t)atol (&c[1]) : INTMAX_MAX; /* Last record if not given */
data/gmt-6.1.1+dfsg/src/gmtconvert.c:353:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Z.last = atol (opt->arg);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *method[2] = {"concatenated", "pasted"}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmtconvert.c:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *way[3] = {"descending", "", "ascending"};
data/gmt-6.1.1+dfsg/src/gmtget.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char planet[GMT_LEN32] = {""}, group[GMT_LEN32] = {""}, dataset[GMT_LEN64] = {""}, size[GMT_LEN32] = {""}, message[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtget.c:255:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (size, "N/A");
data/gmt-6.1.1+dfsg/src/gmtget.c:289:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, hashpath[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmtget.c:297:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (hashpath, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/gmtinfo.c:248:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (opt->arg[1]) Ctrl->E.col = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:327:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.col = atoi (&c[2]);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, chosen[GMT_BUFSIZ] = {""}, record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmtinfo.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, delimiter[2] = {""}, *t_ptr = NULL;
data/gmt-6.1.1+dfsg/src/gmtinfo.c:502:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_geo_out, "+D");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:509:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_geo_out, "ddd:mm:ssF");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:590:38: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (GMT->common.R.active[GSET]) strcpy (buffer, " (-r is ignored).");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:602:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Bounding box for table data");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:680:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-R%g/%g/", wesn[XLO], wesn[XHI]);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:682:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-R");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:692:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-T");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:709:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (record, "dataset");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:714:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, ": N = %" PRIu64 "\t", n); /* Number of records in this item */
data/gmt-6.1.1+dfsg/src/gmtlogo.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtlogo.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN256] = {""}, pars[GMT_LEN128] = {""}, file[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/gmtmath.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pre[2] = {"LSQ", "SVD"};
data/gmt-6.1.1+dfsg/src/gmtmath.c:386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:387:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "#coefficients");
data/gmt-6.1.1+dfsg/src/gmtmath.c:417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:418:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "#t[0]\tobserved(t)[1]\tpredict(t)[2]\tresidual(t)[3]");
data/gmt-6.1.1+dfsg/src/gmtmath.c:419:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (info->w_mode == GMTMATH_WEIGHTS) strcat (header, "\tweight(t)[4]");
data/gmt-6.1.1+dfsg/src/gmtmath.c:420:45: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (info->w_mode == GMTMATH_SIGMAS) strcat (header, "\tsigma(t)[4]");
data/gmt-6.1.1+dfsg/src/gmtmath.c:785:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:4067:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *name[2] = {"PV", "QV"};
data/gmt-6.1.1+dfsg/src/gmtmath.c:5851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:5958:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmtmath.c:6008:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *operator[GMTMATH_N_OPERATORS + 1] = {
data/gmt-6.1.1+dfsg/src/gmtread.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/gmtregress.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[GMTREGRESS_N_FARGS]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/gmtregress.c:851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtregress.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/gmtregress.c:1145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/gmtselect.c:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, za[GMT_LEN64] = {""}, zb[GMT_LEN64] = {""}, p[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/gmtselect.c:459:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'c': col = atoi (&p[1]); break; /* Set z column # */
data/gmt-6.1.1+dfsg/src/gmtselect.c:545:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shore_resolution[5] = {"full", "high", "intermediate", "low", "crude"};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:844:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, txt_c[GMT_LEN64] = {""}, p[GMT_LEN256] = {""}, *s = NULL;
data/gmt-6.1.1+dfsg/src/gmtspatial.c:965:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.ID = (p[1]) ? atoi (&p[1]) : 1;
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *kind[2] = {"CCW", "CW"};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN256] = {""}, *name[2][2] = {{"x", "y"}, {"lon", "lat"}};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1292:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "NN_dist[0]\tID[1]\tNN_ID[2]");
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1408:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type[2] = {"length", "area"}, upper[GMT_LEN32] = {"infinity"};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1447:52: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (Ctrl->Q.area && Ctrl->Q.limit[1] < DBL_MAX) sprintf (upper, "%.12g", Ctrl->Q.limit[1]);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1552:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, fmt[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1649:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "New segment");
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1660:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "New segment");
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1679:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "New segment");
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1714:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "New segment");
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[10] = {"approximate-reversed-superset", "approximate-reversed-subset", "approximate-reversed", "exact-reversed" , "", "exact", "approximate", "approximate-subset", "approximate-superset", "Dateline-split"};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, format[GMT_BUFSIZ] = {""}, src[GMT_BUFSIZ] = {""}, dup[GMT_BUFSIZ] = {""}, *feature[2] = {"polygon", "line"}, *from = NULL;
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1823:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(D->n_tables == 1) ? sprintf (src, "[ segment %" PRIu64 " ]", seg) : sprintf (src, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl, seg);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1823:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(D->n_tables == 1) ? sprintf (src, "[ segment %" PRIu64 " ]", seg) : sprintf (src, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl, seg);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1837:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(D->n_tables == 1) ? sprintf (src, "[ segment %" PRIu64 " ]", seg) : sprintf (src, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl, seg);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1837:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(D->n_tables == 1) ? sprintf (src, "[ segment %" PRIu64 " ]", seg) : sprintf (src, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl, seg);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1838:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(C->n_tables == 1) ? sprintf (dup, "[ segment %" PRIu64 " ]", seg2) : sprintf (dup, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl2, seg2);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1838:77: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(C->n_tables == 1) ? sprintf (dup, "[ segment %" PRIu64 " ]", seg2) : sprintf (dup, "[ table %" PRIu64 " segment %" PRIu64 " ]", tbl2, seg2);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1907:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seg_label[GMT_LEN64] = {""}, record[GMT_BUFSIZ] = {""}, *kind[2] = {"Middle point", "All points"};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1947:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ID = atoi (seg_label);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1949:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ID = atoi (seg_label);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1983:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, txt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1986:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, " -Z%d", ID);
data/gmt-6.1.1+dfsg/src/gmtvector.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, txt_c[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmtvector.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, txt_c[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gmtwhich.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gmtwhich.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[PATH_MAX] = {""}, *Yes = "Y", *No = "N", cwd[PATH_MAX] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/gmtwrite.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/grd2cpt.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN32] = {""}, txt_b[GMT_LEN32] = {""}, *c;
data/gmt-6.1.1+dfsg/src/grd2cpt.c:357:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.n_levels = atoi (T_arg);
data/gmt-6.1.1+dfsg/src/grd2cpt.c:382:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.n_levels = atoi (S_arg);
data/gmt-6.1.1+dfsg/src/grd2cpt.c:439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, *l = NULL, **grdfile = NULL;
data/gmt-6.1.1+dfsg/src/grd2kml.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[16];
data/gmt-6.1.1+dfsg/src/grd2kml.c:256:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->H.factor = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grd2kml.c:264:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:291:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->L.size = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grd2kml.c:303:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->S.extra = (opt->arg[0]) ? atoi (opt->arg) : 1;
data/gmt-6.1.1+dfsg/src/grd2kml.c:357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "L%2.2d", level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:363:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "../%2.2d/", level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:367:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%2.2d/", level);
data/gmt-6.1.1+dfsg/src/grd2kml.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_int[GMT_LEN32] = {""}, fwidth[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:440:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fwidth, "%.8g", f * inc);
data/gmt-6.1.1+dfsg/src/grd2kml.c:441:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s_int, "%.16g", inc);
data/gmt-6.1.1+dfsg/src/grd2kml.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[4] = {"Boxcar", "Cosine-taper", "Gaussian", "Median"};
data/gmt-6.1.1+dfsg/src/grd2kml.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_BUFSIZ] = {""}, level_dir[PATH_MAX] = {""}, Zgrid[PATH_MAX] = {""}, Igrid[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char W[GMT_LEN16] = {""}, E[GMT_LEN16] = {""}, S[GMT_LEN16] = {""}, N[GMT_LEN16] = {""}, file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:485:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DataGrid[PATH_MAX] = {""}, IntensGrid[PATH_MAX] = {""}, path[PATH_MAX] = {""}, filt_report[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN128] = {""}, ps_cmd[GMT_LEN128] = {""}, contour_file[GMT_VF_LEN] = {""}, K[4] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char box[GMT_LEN32] = {""}, grdimage[GMT_LEN256] = {""}, grdcontour[GMT_LEN256] = {""}, scalepen_arg[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:490:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *alt_mode[3] = {"relativeToGround", "relativeToSeaFloor", "absolute"};
data/gmt-6.1.1+dfsg/src/grd2kml.c:491:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ext[2] = {"jpg", "png"}, img_code[2] = {'j', 'G'}, *transp = " -Q";
data/gmt-6.1.1+dfsg/src/grd2kml.c:670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cptfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:748:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (K, " -K"); /* Since now we must do a contour overlay */
data/gmt-6.1.1+dfsg/src/grd2kml.c:753:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->C.active) { strcat (grdimage, " -C"); strcat (grdimage, Ctrl->C.file); }
data/gmt-6.1.1+dfsg/src/grd2kml.c:759:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ps_cmd, "-E100 -P -Ve -Z -H%d", Ctrl->H.factor);
data/gmt-6.1.1+dfsg/src/grd2kml.c:761:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ps_cmd, "-E100 -P -Ve -Z");
data/gmt-6.1.1+dfsg/src/grd2kml.c:793:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (filt_report, " [Original grid used]");
data/gmt-6.1.1+dfsg/src/grd2kml.c:805:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (scalepen_arg, " -W+s%g/%g", p, Ctrl->W.cutoff);
data/gmt-6.1.1+dfsg/src/grd2kml.c:849:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z_data[GMT_VF_LEN] = {""}, psfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:860:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imagefile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grd2kml.c:929:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Q[n]->tag, "L%2.2dR%3.3dC%3.3d", level, row, col);
data/gmt-6.1.1+dfsg/src/grd2kml.c:951:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (box, "%g x %g d", step, step);
data/gmt-6.1.1+dfsg/src/grd2kml.c:953:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (box, "%g x %g m", 60*step, 60*step);
data/gmt-6.1.1+dfsg/src/grd2kml.c:1020:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/grd2xyz.c:172:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grd2xyz.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grd2xyz.c:357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "ncols %d\nnrows %d", G->header->n_columns, G->header->n_rows);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:360:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "xllcorner ");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:364:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "yllcorner ");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:370:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "xllcenter ");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:374:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "yllcenter ");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:379:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "cellsize ");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:383:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "nodata_value %ld", lrint (Ctrl->E.nodata));
data/gmt-6.1.1+dfsg/src/grd2xyz.c:389:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (item, "%ld", lrint (Ctrl->E.nodata));
data/gmt-6.1.1+dfsg/src/grd2xyz.c:393:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (item, "%ld", lrint ((double)G->data[ij]));
data/gmt-6.1.1+dfsg/src/grd2xyz.c:440:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->header->x_units, "col");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:441:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->header->y_units, "row");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:450:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, "weight");
data/gmt-6.1.1+dfsg/src/grdblend.c:98:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open; /* true if file is currently open */
data/gmt-6.1.1+dfsg/src/grdblend.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX]; /* Name of grid file */
data/gmt-6.1.1+dfsg/src/grdblend.c:117:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *not_supported[N_NOT_SUPPORTED] = {"rb", "rf", "sf", "sd", "af", "ei", "ef", "gd"};
data/gmt-6.1.1+dfsg/src/grdblend.c:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *not_supported[N_NOT_SUPPORTED] = {"rb", "rf", "sf", "sd", "af", "ei", "ef"};
data/gmt-6.1.1+dfsg/src/grdblend.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdblend.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[2] = {"grid", "inner grid"};
data/gmt-6.1.1+dfsg/src/grdblend.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sense[2] = {"normal", "inverse"}, buffer[GMT_BUFSIZ] = {""}, res[4] = {""};
data/gmt-6.1.1+dfsg/src/grdblend.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Iargs[GMT_LEN256] = {""}, Rargs[GMT_LEN256] = {""}, cmd[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdblend.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_in[GMT_LEN256] = {""}, file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdblend.c:291:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!delayed) sprintf (res, "-r%c", (Grid->header->registration == GMT_GRID_PIXEL_REG) ? 'p' : 'g'); /* We know the required registration up front */
data/gmt-6.1.1+dfsg/src/grdblend.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tile[8] = {""};
data/gmt-6.1.1+dfsg/src/grdblend.c:402:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Iargs, "-I%.12g/%.12g", h->inc[GMT_X], h->inc[GMT_Y]);
data/gmt-6.1.1+dfsg/src/grdblend.c:425:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Rargs, "-R%.12g/%.12g/%.12g/%.12g", wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI]);
data/gmt-6.1.1+dfsg/src/grdblend.c:436:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Rargs, "-R%.12g/%.12g/%.12g/%.12g", wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI]);
data/gmt-6.1.1+dfsg/src/grdblend.c:444:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "grdblend_resampled_%d_%d.nc", (int)getpid(), n);
data/gmt-6.1.1+dfsg/src/grdblend.c:448:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (gmt_M_is_geographic (GMT, GMT_IN)) strcat (cmd, " -fg");
data/gmt-6.1.1+dfsg/src/grdblend.c:449:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/grdblend.c:463:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "grdblend_reformatted_%d_%d.nc", (int)getpid(), n);
data/gmt-6.1.1+dfsg/src/grdblend.c:465:44: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (gmt_M_is_geographic (GMT, GMT_IN)) strcat (cmd, " -fg");
data/gmt-6.1.1+dfsg/src/grdblend.c:466:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/grdblend.c:554:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (B[k].open) { /* If an open file then we wipe */
data/gmt-6.1.1+dfsg/src/grdblend.c:580:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!B[k].open) {
data/gmt-6.1.1+dfsg/src/grdblend.c:922:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (outtemp, "grdblend_temp_%d.nc", (int)getpid()); /* Get temporary file name */
data/gmt-6.1.1+dfsg/src/grdblend.c:1064:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (blend[k].open || blend[k].memory) {
data/gmt-6.1.1+dfsg/src/grdblend.c:1068:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (blend[k].open) {
data/gmt-6.1.1+dfsg/src/grdblend.c:1076:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdblend.c:1082:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (empty, "NaN");
data/gmt-6.1.1+dfsg/src/grdblend.c:1084:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (empty, "%g", no_data_f);
data/gmt-6.1.1+dfsg/src/grdblend.c:1093:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN256] = {""}, *V_level = GMT_VERBOSE_CODES;
data/gmt-6.1.1+dfsg/src/grdclip.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdclip.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, format2[GMT_BUFSIZ] = {""}, buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdclip.c:378:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (format, "%" PRIu64 " values ");
data/gmt-6.1.1+dfsg/src/grdclip.c:385:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (format, "%" PRIu64 " values ");
data/gmt-6.1.1+dfsg/src/grdclip.c:386:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (format2, "%" PRIu64 " values ");
data/gmt-6.1.1+dfsg/src/grdclip.c:400:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (format, "%" PRIu64 " values ");
data/gmt-6.1.1+dfsg/src/grdcontour.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/grdcontour.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdcontour.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdcontour.c:398:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:407:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdcontour.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lbl[2], *def[2] = {"-", "+"};
data/gmt-6.1.1+dfsg/src/grdcontour.c:851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cont_label[GMT_LEN256] = {""}, format[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdcontour.c:884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd0[GMT_LEN512] = {""}, cmd1[GMT_LEN512] = {""}, cmd2[GMT_LEN512] = {""}, string[GMT_LEN128] = {""}, cptfile[PATH_MAX] = {""}, *ptr = NULL;
data/gmt-6.1.1+dfsg/src/grdcontour.c:922:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dup_string[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/grdcontour.c:1012:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd1, " -Qs");
data/gmt-6.1.1+dfsg/src/grdcontour.c:1013:71: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (API->GMT->current.setting.run_mode == GMT_CLASSIC && !oneliner) strcat (cmd1, " -K"); /* If classic mode then we need to say we will append more PostScript later */
data/gmt-6.1.1+dfsg/src/grdcontour.c:1015:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd1, " -C");
data/gmt-6.1.1+dfsg/src/grdcontour.c:1024:71: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (API->GMT->current.setting.run_mode == GMT_CLASSIC && !oneliner) strcat (cmd2, " -O"); /* If classic mode then we need to say we this is an overlay */
data/gmt-6.1.1+dfsg/src/grdcontour.c:1031:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cmd0, "show");
data/gmt-6.1.1+dfsg/src/grdconvert.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdconvert.c:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[2][GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdconvert.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[GMT_GRID_COMMAND_LEN320] = {""};
data/gmt-6.1.1+dfsg/src/grdconvert.c:262:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (Ctrl->In.file[0] == '=') strcpy (fname[GMT_IN], "<stdin>");
data/gmt-6.1.1+dfsg/src/grdconvert.c:263:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (Ctrl->G.file[0] == '=') strcpy (fname[GMT_OUT], "<stdout>");
data/gmt-6.1.1+dfsg/src/grdconvert.c:305:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command, "(old cmd) ");
data/gmt-6.1.1+dfsg/src/grdconvert.c:323:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid->header->x_units, "x_units");
data/gmt-6.1.1+dfsg/src/grdconvert.c:324:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid->header->y_units, "y_units");
data/gmt-6.1.1+dfsg/src/grdcut.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char za[GMT_LEN64] = {""}, zb[GMT_LEN64] = {""}, zc[GMT_LEN64] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdcut.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[2][4] = {{"left", "right", "bottom", "top"}, {"west", "east", "south", "north"}};
data/gmt-6.1.1+dfsg/src/grdcut.c:727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdedit.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *registration[2] = {"gridline", "pixel"}, *out_file = NULL, *projstring = NULL;
data/gmt-6.1.1+dfsg/src/grdedit.c:569:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->header->x_units, "x_units");
data/gmt-6.1.1+dfsg/src/grdedit.c:570:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->header->y_units, "y_units");
data/gmt-6.1.1+dfsg/src/grdfft.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/grdfft.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ] = {""}, *name[2] = {"freq", "wlength"};
data/gmt-6.1.1+dfsg/src/grdfft.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdfft.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char combined[GMT_BUFSIZ] = {""}, argument[GMT_LEN16] = {""}, p[GMT_LEN64] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdfft.c:643:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mod[0] == '\0') strcat (argument, "+l"); /* Leave trend alone -L */
data/gmt-6.1.1+dfsg/src/grdfft.c:644:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (mod[0] == 'm') strcat (argument, "+a"); /* Remove mean -Lm */
data/gmt-6.1.1+dfsg/src/grdfft.c:645:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (mod[0] == 'h') strcat (argument, "+h"); /* Remove mid-value -Lh */
data/gmt-6.1.1+dfsg/src/grdfft.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spec_msg[2] = {"spectrum", "cross-spectrum"};
data/gmt-6.1.1+dfsg/src/grdfill.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}, output[GMT_VF_LEN] = {""}, args[GMT_LEN256] = {""}, method[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/grdfill.c:256:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (method, "t%g", value);
data/gmt-6.1.1+dfsg/src/grdfill.c:260:53: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (G->header->registration == GMT_GRID_PIXEL_REG) strcat (args, " -r");
data/gmt-6.1.1+dfsg/src/grdfill.c:261:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (args, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/grdfilter.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc, a[GMT_LEN64] = {""}, b[GMT_LEN64] = {""}, txt[GMT_LEN256] = {""}, *p = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdfilter.c:737:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->D.mode = (opt->arg[0] == 'p') ? GRDFILTER_XY_PIXEL : atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdfilter.c:917:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_code[GRDFILTER_N_FILTERS] = {'b', 'c', 'g', 'f', 'o', 'm', 'p', 'h', 'l', 'L', 'u', 'U'};
data/gmt-6.1.1+dfsg/src/grdfilter.c:918:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filter_name[GRDFILTER_N_FILTERS+3] = {"Boxcar", "Cosine Arch", "Gaussian", "Custom", "Operator", "Median", "LMS", "Histogram Mode", "Lower", \
data/gmt-6.1.1+dfsg/src/grdfilter.c:1337:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_string[GMT_VF_LEN], out_string[GMT_VF_LEN], cmd[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/grdfilter.c:1350:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (gmt_M_is_geographic (GMT, GMT_IN)) strcat (cmd, " -fg");
data/gmt-6.1.1+dfsg/src/grdfilter.c:1351:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/grdfilter.c:1381:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen ("n_conv.txt", "w");
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, a[GMT_LEN64] = {""}, b[GMT_LEN64] = {""}, txt[GMT_LEN256] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:488:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->D.mode = (opt->arg[0] == 'p') ? GRDFILTER_XY_PIXEL : atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:573:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->z.n_threads = atoi(opt->arg);
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_code[GRDFILTER_N_FILTERS] = {'b', 'c', 'g', 'f', 'o', 'm', 'p', 'l', 'L', 'u', 'U'};
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filter_name[GRDFILTER_N_FILTERS+2] = {"Boxcar", "Cosine Arch", "Gaussian", "Custom", "Operator", "Median", "Mode", "Lower", \
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:1010:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_string[GMT_VF_LEN], out_string[GMT_VF_LEN], cmd[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:1021:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (gmt_M_is_geographic (GMT, GMT_IN)) strcat (cmd, " -fg");
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:1022:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:1052:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen ("n_conv.txt", "w");
data/gmt-6.1.1+dfsg/src/grdgdal.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN16] = {""}, txt_b[GMT_LEN256] = {""}, *p;
data/gmt-6.1.1+dfsg/src/grdgradient.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdgradient.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, buffer[GMT_GRID_REMARK_LEN160] = {""};
data/gmt-6.1.1+dfsg/src/grdgradient.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdgradient.c:451:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sfile, "grdgradient.stat");
data/gmt-6.1.1+dfsg/src/grdgradient.c:456:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (sfile, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/grdgradient.c:802:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Normalized directional derivative(s)");
data/gmt-6.1.1+dfsg/src/grdgradient.c:804:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Directional derivative(s)");
data/gmt-6.1.1+dfsg/src/grdgradient.c:811:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Lambertian radiance");
data/gmt-6.1.1+dfsg/src/grdgradient.c:813:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Peucker piecewise linear radiance");
data/gmt-6.1.1+dfsg/src/grdgradient.c:815:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "Directions of grad (z) [uphill direction]");
data/gmt-6.1.1+dfsg/src/grdgradient.c:834:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdgradient.c:842:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sfile, "grdgradient.stat");
data/gmt-6.1.1+dfsg/src/grdgradient.c:843:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (sfile, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/grdhisteq.c:139:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdimage.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *gdal_ext[N_IMG_EXTENSIONS] = {"tiff", "tif", "gif", "png", "jpg", "bmp"};
data/gmt-6.1.1+dfsg/src/grdimage.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[3];
data/gmt-6.1.1+dfsg/src/grdimage.c:328:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->E.dpi = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdimage.c:362:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdimage.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char int_grd[GMT_VF_LEN] = {""}, int4_grd[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/grdimage.c:953:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_string[GMT_VF_LEN] = {""}, out_string[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/grdimage.c:1119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_layout[5] = {""}, *pch;
data/gmt-6.1.1+dfsg/src/grdinfo.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN32] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/grdinfo.c:165:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *M[2] = {"minimum", "maximum"}, *V[3] = {"negative", "all", "positive"}, *T[2] = {"column", "row"};
data/gmt-6.1.1+dfsg/src/grdinfo.c:280:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/grdinfo.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""}, record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdinfo.c:396:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-R");
data/gmt-6.1.1+dfsg/src/grdinfo.c:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmptxt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdinfo.c:416:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *unit[2][2] = {{"m", "s"}, {" min", " sec"}};
data/gmt-6.1.1+dfsg/src/grdinfo.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, text[GMT_LEN512] = {""}, record[GMT_BUFSIZ] = {""}, grdfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdinfo.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[2] = { "Gridline", "Pixel"}, *sep = NULL, *projStr = NULL, *answer[2] = {"", " no"};
data/gmt-6.1.1+dfsg/src/grdinfo.c:743:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-R");
data/gmt-6.1.1+dfsg/src/grdinfo.c:756:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-I");
data/gmt-6.1.1+dfsg/src/grdinfo.c:863:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *gtype[2] = {"Cartesian grid", "Geographic grid"};
data/gmt-6.1.1+dfsg/src/grdinfo.c:928:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " x_max: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:930:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " x_inc: "); grdinfo_smart_increments (GMT, G->header->inc, GMT_X, text); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:931:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " name: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:937:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, " n_columns: %d", G->header->n_columns); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:941:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " y_max: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:943:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " y_inc: "); grdinfo_smart_increments (GMT, G->header->inc, GMT_Y, text); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:944:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " name: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:950:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, " n_rows: %d", G->header->n_rows); strcat (record, text);
data/gmt-6.1.1+dfsg/src/grdinfo.c:958:85: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmt_ascii_format_col (GMT, text, z_min, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, " at x = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:959:85: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmt_ascii_format_col (GMT, text, x_min, GMT_OUT, GMT_X); strcat (record, text); strcat (record, " y = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:960:85: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmt_ascii_format_col (GMT, text, y_min, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, " z_max: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:961:85: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmt_ascii_format_col (GMT, text, z_max, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, " at x = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:962:85: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
gmt_ascii_format_col (GMT, text, x_max, GMT_OUT, GMT_X); strcat (record, text); strcat (record, " y = ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:974:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " z_max: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:976:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " name: "); strcat (record, G->header->z_units);
data/gmt-6.1.1+dfsg/src/grdinfo.c:1001:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " scale: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1008:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " stdev: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1010:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " rms: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1017:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, " lmsscale: ");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1127:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-T");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1161:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "-R");
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spline[GMT_LEN8];
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[3] = {'l', 'a', 'c'};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:89:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (C->F.spline, "%c", type[GMT->current.setting.interpolant]); /* Set default interpolant */
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[3] = {'l', 'a', 'c'};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:240:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, cube_layer[GMT_LEN64] = {""}, *nc_layer = NULL;
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:432:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_args[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i_file[GMT_VF_LEN] = {""}, o_file[GMT_VF_LEN] = {""}, grid[GMT_LEN128] = {""}, header[GMT_LEN256] = {""}, cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:548:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " -R");
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:574:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "Location %g,%g", Si->data[GMT_X][row], Si->data[GMT_Y][row]);
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:642:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:660:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid->header->x_units, "longitude [degrees_east]");
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:662:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid->header->x_units, "latitude [degrees_north]");
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:664:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (unit, "Distance (%c)", Ctrl->E.unit);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, ptr[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdlandmask.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdlandmask.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shore_resolution[5] = {"full", "high", "intermediate", "low", "crude"};
data/gmt-6.1.1+dfsg/src/grdmask.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[PATH_MAX] = {""}, *c = NULL, *S_copy = NULL;
data/gmt-6.1.1+dfsg/src/grdmask.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64] = {""};
data/gmt-6.1.1+dfsg/src/grdmask.c:245:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_cells = atoi(S_copy) + 1; /* + 1 so that 0 means cell with point only */
data/gmt-6.1.1+dfsg/src/grdmask.c:246:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "%.12g/%.12g", n_cells * GMT->common.R.inc[GMT_X], n_cells * GMT->common.R.inc[GMT_Y]);
data/gmt-6.1.1+dfsg/src/grdmask.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_item[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdmask.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, *msg[2] = {"polygons", "search radius"};
data/gmt-6.1.1+dfsg/src/grdmath.c:4212:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *name[2] = {"PV", "QV"};
data/gmt-6.1.1+dfsg/src/grdmath.c:6097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdmath.c:6130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *operator[GRDMATH_N_OPERATORS + 1] = {
data/gmt-6.1.1+dfsg/src/grdmix.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[N_ITEMS];
data/gmt-6.1.1+dfsg/src/grdmix.c:109:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *type[2] = {"grid or image", "image"};
data/gmt-6.1.1+dfsg/src/grdmix.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[N_ITEMS] = {NULL, NULL, NULL, "alpha", "blend", "intens"};
data/gmt-6.1.1+dfsg/src/grdmix.c:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4] = {'R', 'G', 'B', 'A'}, file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdmix.c:730:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/grdmix.c:732:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "+proj=longlat +a=%f +b=%f +no_defs", GMT->current.setting.ref_ellipsoid[k].eq_radius,
data/gmt-6.1.1+dfsg/src/grdpaste.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/grdpaste.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdproject.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdproject.c:154:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdproject.c:189:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "%d+/%d+", ii, jj);
data/gmt-6.1.1+dfsg/src/grdproject.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256+6] = {""}, unit_name[GMT_GRID_UNIT_LEN80] = {""}, scale_unit_name[GMT_GRID_UNIT_LEN80] = {""};
data/gmt-6.1.1+dfsg/src/grdproject.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_R[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdproject.c:287:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (opt_R, "%.12f/%.12f/%.12f/%.12f", wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI]);
data/gmt-6.1.1+dfsg/src/grdproject.c:322:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (opt_R, "%.12f/%.12f/%.12f/%.12f", lon_t-1, lon_t+1, lat_t-1, lat_t+1);
data/gmt-6.1.1+dfsg/src/grdproject.c:356:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (opt_R, "%.12f/%.12f/%.12f/%.12fr", MIN(xSW, xNW), yB, MAX(xNE, xSE), yT);
data/gmt-6.1.1+dfsg/src/grdproject.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GMT_LEN256] = {""}, gdal_ellipsoid_name[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/grdproject.c:492:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Geo->header->x_units, "longitude [degrees_east]");
data/gmt-6.1.1+dfsg/src/grdproject.c:493:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Geo->header->y_units, "latitude [degrees_north]");
data/gmt-6.1.1+dfsg/src/grdproject.c:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "+proj=longlat +a=%f +b=%f +no_defs", GMT->current.setting.ref_ellipsoid[k].eq_radius,
data/gmt-6.1.1+dfsg/src/grdproject.c:505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "+proj=longlat +a=%f +b=%f +no_defs", GMT->current.setting.ref_ellipsoid[k].eq_radius,
data/gmt-6.1.1+dfsg/src/grdproject.c:508:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "+proj=longlat +a=%f +b=%f +no_defs", GMT->current.setting.ref_ellipsoid[k].eq_radius,
data/gmt-6.1.1+dfsg/src/grdsample.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdsample.c:147:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "%d+/%d+", ii, jj);
data/gmt-6.1.1+dfsg/src/grdsample.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdsample.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&format, "Output", 6);
data/gmt-6.1.1+dfsg/src/grdtrack.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[MAX_GRIDS];
data/gmt-6.1.1+dfsg/src/grdtrack.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdtrack.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ta[GMT_LEN64] = {""}, tb[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdtrack.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tc[GMT_LEN64] = {""}, p[GMT_LEN256] = {""}, *c = NULL, X;
data/gmt-6.1.1+dfsg/src/grdtrack.c:383:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/grdtrack.c:687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, run_cmd[BUFSIZ] = {""}, *cmd = NULL;
data/gmt-6.1.1+dfsg/src/grdtrend.c:203:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (opt->arg[j]) Ctrl->N.value = atoi(&opt->arg[j]);
data/gmt-6.1.1+dfsg/src/grdtrend.c:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbasis[10][16], format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdtrend.c:407:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[0], "Mean");
data/gmt-6.1.1+dfsg/src/grdtrend.c:410:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[3], "X*Y");
data/gmt-6.1.1+dfsg/src/grdtrend.c:411:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[4], "P2(x)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:412:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[5], "P2(y)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:413:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[6], "P3(x)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:414:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[7], "P2(x)*P1(y)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:415:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[8], "P1(x)*P2(y)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:416:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pbasis[9], "P3(y)");
data/gmt-6.1.1+dfsg/src/grdtrend.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/grdvector.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/grdvector.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[5] = "cimp";
data/gmt-6.1.1+dfsg/src/grdvector.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, symbol;
data/gmt-6.1.1+dfsg/src/grdvector.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v_unit[GMT_LEN8] = {""};
data/gmt-6.1.1+dfsg/src/grdvector.c:614:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (v_unit, "km");
data/gmt-6.1.1+dfsg/src/grdview.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[3];
data/gmt-6.1.1+dfsg/src/grdview.c:518:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN256] = {""}, B[GMT_LEN256] = {""}, C[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdview.c:546:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/grdview.c:589:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colors[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdview.c:626:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (opt->arg[1] && isdigit ((int)opt->arg[1])) Ctrl->Q.dpi = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/grdview.c:637:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (opt->arg[1] && isdigit ((int)opt->arg[1])) Ctrl->Q.dpi = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/grdview.c:680:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/grdview.c:716:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdview.c:894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char int_grd[GMT_VF_LEN] = {""}, data_file[PATH_MAX] = {""}, cmd[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/grdvolume.c:703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/grdvolume.c:704:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "#contour\tarea\tvolume\theight");
data/gmt-6.1.1+dfsg/src/greenspline.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[6][GMT_LEN64], p[GMT_BUFSIZ] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/greenspline.c:466:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->D.mode = atoi (opt->arg); /* Since I added 0 to be 1-D later so now this is mode -1 */
data/gmt-6.1.1+dfsg/src/greenspline.c:1127:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen ("greenspline.b", "wb");
data/gmt-6.1.1+dfsg/src/greenspline.c:1304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[4] = {"Remove mean", "Normalization mode: Remove %d-D linear trend\n", "Remove mean and normalize data", "Normalization mode: Remove %d-D linear trend and normalize data"};
data/gmt-6.1.1+dfsg/src/greenspline.c:1433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *method[N_METHODS] = {"Minimum curvature Cartesian spline [1-D]",
data/gmt-6.1.1+dfsg/src/greenspline.c:2232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/greenspline.c:2306:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/greenspline.c:2308:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "#lon\tlat\t");
data/gmt-6.1.1+dfsg/src/greenspline.c:2310:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "#x\t");
data/gmt-6.1.1+dfsg/src/greenspline.c:2311:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (dimension > 1) strcat (header, "y\t");
data/gmt-6.1.1+dfsg/src/greenspline.c:2312:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (dimension > 2) strcat (header, "z\t");
data/gmt-6.1.1+dfsg/src/greenspline.c:2314:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (header, "obs\tpredict\tdev");
data/gmt-6.1.1+dfsg/src/greenspline.c:2315:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->W.active) strcat (header, "\tchi2");
data/gmt-6.1.1+dfsg/src/greenspline.c:2415:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mkind[3] = {"", "Incremental", "Cumulative"};
data/gmt-6.1.1+dfsg/src/greenspline.c:2416:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&unsigned32, h, sizeof(struct GSHHG_HEADER));
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (h, &unsigned32, sizeof(struct GSHHG_HEADER));
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:69:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&unsigned32, &p->x, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&p->x, &unsigned32, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&unsigned32, &p->y, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/gshhg/gmt_gshhg.h:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&p->y, &unsigned32, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:150:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:157:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/gshhg/gshhg.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char west[GMT_LEN64] = {""}, east[GMT_LEN64] = {""}, south[GMT_LEN64] = {""}, north[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/gshhg_version.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gshhg_version_string[BUF_SIZE]; /* GSHHG version string */
data/gmt-6.1.1+dfsg/src/img/img2grd.c:293:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[PATH_MAX] = {""}, cmd[GMT_BUFSIZ] = {""}, input[GMT_VF_LEN] = {""}, output[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/img/img2grd.c:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z_units[GMT_GRID_UNIT_LEN80] = {""}, exact_R[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/img/img2grd.c:497:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (z_units, "meters, mGal, Eotvos, micro-radians or Myr, depending on img file and -S.");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:501:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (z_units, "Myr");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:506:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (z_units, "meter");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:511:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (z_units, "mGal");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:516:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (z_units, "Eotvos");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:524:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (Ctrl->T.value == 3) strcpy (z_units, "T/F, one or more constraints fell in this pixel.");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:587:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (exact_R, "%.16g/%.16g/%.16g/%.16g", wesn[XLO], wesn[XHI], wesn[YLO], wesn[YHI]);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:636:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Merc->header->x_units, "longitude [degrees_east]");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:637:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Merc->header->y_units, "latitude [degrees_north]");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:640:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Merc->header->title, "Data from Altimetry");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:813:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Geo->header->title, "Data from Altimetry");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:815:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Geo->header->x_units, "longitude [degrees_east]");
data/gmt-6.1.1+dfsg/src/img/img2grd.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Geo->header->y_units, "latitude [degrees_north]");
data/gmt-6.1.1+dfsg/src/inset.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, ffile[PATH_MAX] = {""}, Bopts[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/inset.c:285:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (ffile, "r")) == NULL)
data/gmt-6.1.1+dfsg/src/inset.c:295:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/inset.c:317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[GMT_LEN16] = {""}, legend_justification[4] = {""}, pen[GMT_LEN32] = {""}, fill[GMT_LEN32] = {""}, off[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/inset.c:321:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/inset.c:342:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r"))) { /* There is a gmt.frame file */
data/gmt-6.1.1+dfsg/src/inset.c:348:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (ffile, "w")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/kiss_fft/_kiss_fft_guts.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_align[8]; /* 16 byte alignment */
data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fft.c:379:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/gmt-6.1.1+dfsg/src/kiss_fft/kiss_fftnd.c:175:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( st->tmpbuf, fin, sizeof(kiss_fft_cpx) * st->dimprod );
data/gmt-6.1.1+dfsg/src/kml2gmt.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, name[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/kml2gmt.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN128] = {""}, description[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/kml2gmt.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *gm[3] = {"Point", "Line", "Polygon"}, *line = NULL;
data/gmt-6.1.1+dfsg/src/kml2gmt.c:233:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "kml2gmt: KML read from standard input");
data/gmt-6.1.1+dfsg/src/kml2gmt.c:242:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%.12g"); /* Get enough decimals */
data/gmt-6.1.1+dfsg/src/kml2gmt.c:293:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (name[0]) { strcat (GMT->current.io.segment_header, "-L\""); strcat (GMT->current.io.segment_header, name); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/kml2gmt.c:295:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (description[0]) { strcat (GMT->current.io.segment_header, "-D\""); strcat (GMT->current.io.segment_header, description); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/kml2gmt.c:320:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!GMT->current.io.segment_header[0]) sprintf (GMT->current.io.segment_header, "Next Point");
data/gmt-6.1.1+dfsg/src/kml2gmt.c:323:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!GMT->current.io.segment_header[0]) sprintf (GMT->current.io.segment_header, "Next feature");
data/gmt-6.1.1+dfsg/src/makecpt.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN32] = {""}, txt_b[GMT_LEN32] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/mapproject.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, from[GMT_LEN256] = {""}, to[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""}, unit_name[GMT_LEN64] = {""}, scale_unit_name[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:950:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[3] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:1044:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:1077:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (message,"Transform " );
data/gmt-6.1.1+dfsg/src/mapproject.c:1079:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *auxlat[4] = {"authalic", "conformal", "meridional", "geocentric"};
data/gmt-6.1.1+dfsg/src/mapproject.c:1080:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (message, "Transform geodetic");
data/gmt-6.1.1+dfsg/src/mapproject.c:1081:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(Ctrl->I.active) ? strcat (message, " <- ") : strcat (message, " -> ");
data/gmt-6.1.1+dfsg/src/mapproject.c:1081:50: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(Ctrl->I.active) ? strcat (message, " <- ") : strcat (message, " -> ");
data/gmt-6.1.1+dfsg/src/mapproject.c:1083:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (message, " coordinates [degrees]\n");
data/gmt-6.1.1+dfsg/src/mapproject.c:1086:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/mapproject.c:1089:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(Ctrl->I.active) ? strcat (message, " <- ") : strcat (message, " -> ");
data/gmt-6.1.1+dfsg/src/mapproject.c:1089:50: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(Ctrl->I.active) ? strcat (message, " <- ") : strcat (message, " -> ");
data/gmt-6.1.1+dfsg/src/mapproject.c:1092:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (message, " [");
data/gmt-6.1.1+dfsg/src/mapproject.c:1094:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (message, "]\n");
data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, *c_unused = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.c:186:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(Ctrl->CM4_M.path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.c:323:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(Ctrl->CM4_D.path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/cm4_functions.c:391:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(Ctrl->CM4_I.path, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:340:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi (txt));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:725:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&record[k][78], "%02d", k + 1); /* Place sequence number */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:898:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
got = atoi (&record[78]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MGD77_header[MGD77_N_HEADER_RECORDS], line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, currentField[10] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1262:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi (tmp));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, r_date[9] = {""}, *stringp = NULL, *p = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, line[GMT_BUFSIZ] = {""}, *end = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1514:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!gmt_M_is_dnan (r_time)) { sprintf (buffer, "%.8g", r_time); strcat (line, buffer); } strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[MGD77_N_DATA_EXTENDED+1];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2068:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *abbrev[N_E77_AUX_FIELDS] = {"time", "lat", "lon", "twt", "mtf1", "gobs", "eot"};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2218:106: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MGD77_nc_status (GMT, nc_get_vara_schar (F->nc_id, H->info[c].col[id].var_id, &start, &count, (signed char *)tvals[n_txt++]));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2267:106: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MGD77_nc_status (GMT, nc_put_vara_schar (F->nc_id, H->info[c].col[id].var_id, &start, &count, (signed char *)tvals[n_txt++]));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32] = {""}, text[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MGD77_header[MGD77_N_HEADER_RECORDS];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2699:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[2] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2834:48: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (F->format != MGD77_FORMAT_CDF && (F->fp = fopen (F->path, mode)) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MGD77_header[MGD77_N_HEADER_RECORDS], line[BUFSIZ], *not_used = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MGD77_header, line[BUFSIZ], *not_used = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[151] = {""}, p[GMT_LEN128] = {""}, text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pscode[5] = {"Bathy", "Magnetics", "Gravity", "3.5 kHz", "Seismics"};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3281:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->File_Creation_Year[0] && ((i = atoi (P->File_Creation_Year)) < (1900 + MGD77_OLDEST_YY) || i > (1900 + T->tm_year))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3285:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->File_Creation_Month[0] && ((i = atoi (P->File_Creation_Month)) < 1 || i > 12)) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3289:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->File_Creation_Day[0] && ((i = atoi (P->File_Creation_Day)) < 1 || i > 31)) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3303:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Departure_Year[0] && ((i = atoi (P->Survey_Departure_Year)) < (1900 + MGD77_OLDEST_YY) || i > (1900 + T->tm_year) || (H->meta.Departure[0] && i != H->meta.Departure[0]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3305:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%04d", H->meta.Departure[0]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3307:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3311:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Departure_Month[0] && ((i = atoi (P->Survey_Departure_Month)) < 1 || i > 12 || (H->meta.Departure[1] && i != H->meta.Departure[1]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3313:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%02d", H->meta.Departure[1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3315:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3319:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Departure_Day[0] && ((i = atoi (P->Survey_Departure_Day)) < 1 || i > 31 || (H->meta.Departure[2] && i != H->meta.Departure[2]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3321:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%02d", H->meta.Departure[2]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3323:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3327:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Arrival_Year[0] && ((i = atoi (P->Survey_Arrival_Year)) < (1900 + MGD77_OLDEST_YY) || i > (1900 + T->tm_year) || (H->meta.Arrival[0] && i != H->meta.Arrival[0]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3329:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%04d", H->meta.Arrival[0]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3331:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3335:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Arrival_Month[0] && ((i = atoi (P->Survey_Arrival_Month)) < 1 || i > 12 || (H->meta.Arrival[1] && i != H->meta.Arrival[1]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3337:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%02d", H->meta.Arrival[1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3339:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3343:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Survey_Arrival_Day[0] && ((i = atoi (P->Survey_Arrival_Day)) < 1 || i > 31 || (H->meta.Arrival[2] && i != H->meta.Arrival[2]))) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3345:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%02d", H->meta.Arrival[2]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3347:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3400:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Bathymetry_Assumed_Sound_Velocity[0] && ((i = atoi (P->Bathymetry_Assumed_Sound_Velocity)) < 14000 || i > 15500)) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3508:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yr1 = (H->meta.Departure[0]) ? H->meta.Departure[0] : atoi (P->Survey_Departure_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3509:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yr2 = (H->meta.Arrival[0]) ? H->meta.Arrival[0] : atoi (P->Survey_Arrival_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_model[16] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3518:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi (&P->Magnetics_Ref_Field[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3541:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(yr1 == yr2) ? sprintf (text, "%d", yr1) : sprintf (text, "%d-%d", yr1, yr2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3541:46: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(yr1 == yr2) ? sprintf (text, "%d", yr1) : sprintf (text, "%d-%d", yr1, yr2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3593:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Gravity_Departure_Base_Station[0] && ((i = atoi (P->Gravity_Departure_Base_Station)) < 9700000 || i > 9900000)) OR_TRUE) { /* Check in mGal*10 */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3606:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Gravity_Arrival_Base_Station[0] && ((i = atoi (P->Gravity_Arrival_Base_Station)) < 9700000 || i > 9900000))) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3623:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((P->Number_of_Ten_Degree_Identifiers[0] && (((n = atoi (P->Number_of_Ten_Degree_Identifiers)) < 1 || n > 30) || n != H->meta.n_ten_box)) OR_TRUE) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3865:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (match == length && ((id = atoi (item)) >= 1 && id <= MGD77_N_HEADER_ITEMS)) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, cstring[GMT_BUFSIZ] = {""}, bstring[GMT_BUFSIZ] = {""}, word[GMT_LEN256] = {""}, value[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4143:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (word, "time");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4147:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (word, "time");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4151:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (word, "time");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4359:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (".tmpdir", "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4621:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4629:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen (buffer, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4642:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((i = atoi (buffer)) != N_CARTER_CORRECTIONS) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4654:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
C->carter_correction[i] = (short)atoi (buffer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4667:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((i = atoi (buffer)) != N_CARTER_OFFSETS) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4679:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
C->carter_offset[i] = (short)atoi (buffer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4692:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((i = atoi (buffer)) != N_CARTER_BINS) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4704:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
C->carter_zone[i] = (short)atoi (buffer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, name[GMT_LEN64] = {""}, factor[GMT_LEN64] = {""}, origin[GMT_LEN64] = {""}, basis[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5717:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arguments[GMT_BUFSIZ] = {""}, cruise[GMT_LEN64] = {""}, word[GMT_BUFSIZ] = {""}, *p = NULL, *f = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5818:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, name[GMT_LEN64] = {""}, factor[GMT_LEN64] = {""}, origin[GMT_LEN64] = {""}, basis[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arguments[GMT_BUFSIZ] = {""}, cruise[GMT_LEN64] = {""}, word[GMT_BUFSIZ] = {""}, *p = NULL, *f = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:5823:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *aux_names[N_MGD77_AUX] = {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6083:126: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yy[0] = (!H->mgd77[use]->Survey_Departure_Year[0] || !strncmp (H->mgd77[use]->Survey_Departure_Year, ALL_BLANKS, 4U)) ? 0 : atoi (H->mgd77[use]->Survey_Departure_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6084:122: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yy[1] = (!H->mgd77[use]->Survey_Arrival_Year[0] || !strncmp (H->mgd77[use]->Survey_Arrival_Year, ALL_BLANKS, 4U)) ? 0 : atoi (H->mgd77[use]->Survey_Arrival_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6085:128: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm[0] = (!H->mgd77[use]->Survey_Departure_Month[0] || !strncmp (H->mgd77[use]->Survey_Departure_Month, ALL_BLANKS, 2U)) ? 1 : atoi (H->mgd77[use]->Survey_Departure_Month);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6086:124: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm[1] = (!H->mgd77[use]->Survey_Arrival_Month[0] || !strncmp (H->mgd77[use]->Survey_Arrival_Month, ALL_BLANKS, 2U)) ? 1 : atoi (H->mgd77[use]->Survey_Arrival_Month);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6087:124: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dd[0] = (!H->mgd77[use]->Survey_Departure_Day[0] || !strncmp (H->mgd77[use]->Survey_Departure_Day, ALL_BLANKS, 2U)) ? 1 : atoi (H->mgd77[use]->Survey_Departure_Day);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6088:120: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dd[1] = (!H->mgd77[use]->Survey_Arrival_Day[0] || !strncmp (H->mgd77[use]->Survey_Arrival_Day, ALL_BLANKS, 2U)) ? 1 : atoi (H->mgd77[use]->Survey_Arrival_Day);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:6106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char ten_box[20][38]; /* Set to 1 for each box visited */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *path[3]; /* Paths to the three coefficient files */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MGD77_COL_ABBREV_LEN];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[MGD77_N_STRING_FIELDS][10]; /* The 3 text strings in MGD77 records */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MGD77_COL_ABBREV_LEN]; /* Name of data col that is constrained */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_constraint[GMT_LEN64]; /* String value for testing */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MGD77_COL_ABBREV_LEN]; /* Name of data col that is to match exactly */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[MGD77_COL_ABBREV_LEN]; /* Current user id */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:429:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NGDC_id[MGD77_COL_ABBREV_LEN]; /* Current NGDC file tag id */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX]; /* Full path to current file */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.h:583:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN_MSC char *MGD77_suffix[MGD77_N_FORMATS];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_codes.h:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_codes.h:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_codes.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[8];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_codes.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[2] = { '\0', '\0'}, EOL = '\n';
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Att[64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Att[64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:20:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; /* Name of this parameter (e.g., "Gravity_Sampling_Rate") */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:26:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr[2]; /* Pointers to the corresponding named variable in struct MGD77_HEADER_PARAMS (orig and revised) */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Identifier[9];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Format_Acronym[6];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Data_Center_File_Number[9];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Parameters_Surveyed_Code[6];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char File_Creation_Year[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char File_Creation_Month[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char File_Creation_Day[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Source_Institution[40];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Country[19];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Platform_Name[22];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Platform_Type[7];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Chief_Scientist[33];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Project_Cruise_Leg[59];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Funding[21];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Departure_Year[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Departure_Month[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Departure_Day[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Port_of_Departure[33];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Arrival_Year[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Arrival_Month[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Survey_Arrival_Day[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Port_of_Arrival[31];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Navigation_Instrumentation[41];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Geodetic_Datum_Position_Determination_Method[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Instrumentation[41];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Add_Forms_of_Data[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Instrumentation[41];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Add_Forms_of_Data[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Instrumentation[41];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Add_Forms_of_Data[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Seismic_Instrumentation[41];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Seismic_Data_Formats[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Format_Description[95];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Topmost_Latitude[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bottommost_Latitude[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Leftmost_Longitude[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rightmost_Longitude[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Digitizing_Rate[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Sampling_Rate[13];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Assumed_Sound_Velocity[6];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Datum_Code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Bathymetry_Interpolation_Scheme[57];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Digitizing_Rate[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Sampling_Rate[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Sensor_Tow_Distance[5];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Sensor_Depth[6];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Sensor_Separation[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Ref_Field_Code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Ref_Field[13];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Magnetics_Method_Applying_Res_Field[48];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Digitizing_Rate[4];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Sampling_Rate[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Theoretical_Formula[18];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Reference_System[17];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Corrections_Applied[39];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Departure_Base_Station[8];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Departure_Base_Station_Name[34];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Arrival_Base_Station[8];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Gravity_Arrival_Base_Station_Name[32];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Number_of_Ten_Degree_Identifiers[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Ten_Degree_Identifier[151];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_1[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_2[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_3[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_4[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_5[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_6[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Additional_Documentation_7[79];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_init.h:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *MGD77_suffix[MGD77_N_FORMATS] = {"nc", "m77t", "mgd77", "dat"};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, **list = NULL, *fcode = "cmat";
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *format_name[MGD77_N_FORMATS] = {"MGD77+ netCDF", "MGD77T ASCII", "MGD77 ASCII", "ASCII table"};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a77_file[PATH_MAX] = {""}, h77_file[PATH_MAX] = {""}, mgd77_file[PATH_MAX] = {""}, prefix[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:272:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen (mgd77_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:276:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fph77 = fopen (h77_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:281:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpa77 = fopen (a77_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:318:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%.10g"); /* To avoid losing precision upon rereading this file */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:341:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (file, ".new"); /* To avoid overwriting original file */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tvalue[MGD77_MAX_COLS], buffer[BUFSIZ], name[BUFSIZ], value[BUFSIZ], params[BUFSIZ], line[BUFSIZ];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%.0f",floor(ymin));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:386:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Bottommost_Latitude");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:389:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%.0f",ceil(ymax));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:390:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Topmost_Latitude");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:393:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%.0f",floor(xmin));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:394:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Leftmost_Longitude");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:397:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%.0f",ceil(xmax));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:398:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Rightmost_Longitude");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:403:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%02d",(int)nten);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Number_of_Ten_Degree_Identifiers");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:432:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Ten_Degree_Identifier");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:437:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"%.8s",list[argno]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:438:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Identifier");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:441:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"MGD77");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:442:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Format_Acronym");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:445:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value,"11111");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:454:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Parameters_Surveyed_Code");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:457:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%d",1900+tod->tm_year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:458:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"File_Creation_Year");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:461:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%02d",1+tod->tm_mon);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:462:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"File_Creation_Month");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:465:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (value, "%02d",tod->tm_mday);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:466:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"File_Creation_Day");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:470:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Departure_Year");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:473:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Departure_Month");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:476:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Departure_Day");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:480:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Arrival_Year");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:483:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Arrival_Month");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:486:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"Survey_Arrival_Day");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:520:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "----------------------------------------\n"); fprintf (GMT->session.std[GMT_OUT], "%s", buffer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tvalue[MGD77_MAX_COLS], **list = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:521:132: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yy[0] = (!D->H.mgd77[use]->Survey_Departure_Year[0] || !strncmp (D->H.mgd77[use]->Survey_Departure_Year, ALL_BLANKS, 4U)) ? 0 : atoi (D->H.mgd77[use]->Survey_Departure_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:522:128: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yy[1] = (!D->H.mgd77[use]->Survey_Arrival_Year[0] || !strncmp (D->H.mgd77[use]->Survey_Arrival_Year, ALL_BLANKS, 4U)) ? 0 : atoi (D->H.mgd77[use]->Survey_Arrival_Year);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:523:134: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm[0] = (!D->H.mgd77[use]->Survey_Departure_Month[0] || !strncmp (D->H.mgd77[use]->Survey_Departure_Month, ALL_BLANKS, 2U)) ? 1 : atoi (D->H.mgd77[use]->Survey_Departure_Month);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:524:130: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm[1] = (!D->H.mgd77[use]->Survey_Arrival_Month[0] || !strncmp (D->H.mgd77[use]->Survey_Arrival_Month, ALL_BLANKS, 2U)) ? 1 : atoi (D->H.mgd77[use]->Survey_Arrival_Month);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:525:130: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dd[0] = (!D->H.mgd77[use]->Survey_Departure_Day[0] || !strncmp (D->H.mgd77[use]->Survey_Departure_Day, ALL_BLANKS, 2U)) ? 1 : atoi (D->H.mgd77[use]->Survey_Departure_Day);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:526:126: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dd[1] = (!D->H.mgd77[use]->Survey_Arrival_Day[0] || !strncmp (D->H.mgd77[use]->Survey_Arrival_Day, ALL_BLANKS, 2U)) ? 1 : atoi (D->H.mgd77[use]->Survey_Arrival_Day);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[2][2];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:423:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->A.GF_version = atoi (&opt->arg[k+3]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:442:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi (&opt->arg[k+1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:556:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->G.start = atol (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:559:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->G.stop = atol (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:784:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fx_setting[GMT_BUFSIZ] = {""}, **list = NULL, **item_names = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:785:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tvalue[MGD77_MAX_COLS], *aux_tvalue[N_MGD77_AUX], record[GMT_BUFSIZ] = {""}, word[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:876:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:926:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",lat"), n_sub++; /* Append lat to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:928:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",lon"), n_sub++; /* Append lon to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:930:127: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ((Ctrl->D.active || need_time || auxlist[MGD77_AUX_SP].requested) && MGD77_Get_Column (GMT, "time", &M) == MGD77_NOT_SET) strcat (fx_setting, ",time"), n_sub++; /* Append time to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:935:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",twt"), n_sub++; /* Must append twt to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:942:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",depth"), n_sub++; /* Must append depth to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:946:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",gobs"), n_sub++; /* Must append gobs to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:949:59: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (MGD77_Get_Column (GMT, "eot", &M) == MGD77_NOT_SET) strcat (fx_setting, ",eot"), n_sub++; /* Must append eot to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:953:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",mtf1"), n_sub++; /* Must append mtf1 to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:955:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",mtf2"), n_sub++; /* Must append mtf2 to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:957:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",msens"), n_sub++; /* Must append msens to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:960:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fx_setting, ",diur"), n_sub++; /* Must append diur to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:964:61: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (MGD77_Get_Column (GMT, "mtf1", &M) == MGD77_NOT_SET) strcat (fx_setting, ",mtf1"), n_sub++; /* Must append mtf1 to requested list */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:983:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(m/s)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:987:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(feet/s)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:991:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(km/hr)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:995:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(mi/hr)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:999:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(kts)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1003:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(sfeet/s)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1008:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(m)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1011:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(feet)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1014:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(km)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1017:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(miles)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1020:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(nm)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1023:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "d(surv.feet)");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1035:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1331:42: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (auxlist[MGD77_AUX_DA].requested) sprintf (aux_tvalue[MGD77_AUX_DA], "%04d%02d%02d", cal.year, cal.month, cal.day_m);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77magref.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""}, tfixed[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_abbrev[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_units[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_name[MGD77_COL_NAME_LEN];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_comment[MGD77_COL_COMMENT_LEN];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[2];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""}, history[GMT_BUFSIZ] = {""}, **list = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char not_given[GMT_LEN64] = {""}, word[GMT_BUFSIZ] = {""}, **tmp_string = NULL, *text = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:793:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldfile[PATH_MAX+4] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:944:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[5] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:949:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (field, "mtf%d", MTF_col);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1095:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ID[16] = {""}, date[16] = {""}, field[GMT_LEN64] = {""}, efile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1096:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char E77[256] = {""}, timestamp[GMT_LEN64] = {""}, answer[GMT_BUFSIZ] = {""}, code[GMT_BUFSIZ] = {""}, kind, YorN;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1137:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi (&date[6]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1139:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
month = atoi (&date[4]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1141:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi (date);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1143:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(year == atoi (P->File_Creation_Year) && month == atoi (P->File_Creation_Month) && day == atoi (P->File_Creation_Day))) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1143:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(year == atoi (P->File_Creation_Year) && month == atoi (P->File_Creation_Month) && day == atoi (P->File_Creation_Day))) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1143:99: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!(year == atoi (P->File_Creation_Year) && month == atoi (P->File_Creation_Month) && day == atoi (P->File_Creation_Day))) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1230:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number = atoi (&field[1]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1461:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (answer, "MGD77 flags (ON = Bad, OFF = Good) derived from E77 errata");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77path.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77path.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, **list = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8] = {""}, tmp_min[16] = {""}, tmp_max[16] = {""}, tmp_maxSlope[16] = {""}, tmp_area[16] = {""}, *derivative = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field_abbrev[8] = {""}, *speed_units = "m/s";
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStr[GMT_LEN32] = {""}, placeStr[GMT_LEN128] = {""}, errorStr[GMT_LEN128] = {""}, outfile[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[GMT_LEN8] = {""}, fstats[MGD77_N_STATS][GMT_LEN64], text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1004:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "#abbrev\tmin\tmax\tmaxSlope\tmaxArea\n");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1037:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "d[faa]\n"); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1077:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "faa\n"); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1095:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "distToCoast\n"); gmt_M_fputs (buffer, GMT->session.std[GMT_OUT]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1125:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpout = fopen (outfile, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1188:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(H.mgd77[MGD77_ORIG]->File_Creation_Year),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Month),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Day),nvalues);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1188:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(H.mgd77[MGD77_ORIG]->File_Creation_Year),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Month),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Day),nvalues);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1188:97: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(H.mgd77[MGD77_ORIG]->File_Creation_Year),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Month),atoi(H.mgd77[MGD77_ORIG]->File_Creation_Day),nvalues);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1892:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(m == 1) ? sprintf (text,"+eot ") : sprintf (text," ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.h:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[8]; /* Field name */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.h:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[8];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[32];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[8]; /* MGD77 field name abbreviations */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day_marker_size[8], dist_marker_size[8];
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:155:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (day_marker_size, "0.1c"); /* 1 mm */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:156:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dist_marker_size, "0.15c"); /* 1.5 mm */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:159:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (day_marker_size, "0.04i");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:160:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dist_marker_size, "0.06i");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ms[GMT_LEN64] = {""}, mc[GMT_LEN64] = {""}, tmp[GMT_LEN64] = {""}, mfs[GMT_LEN64] = {""}, mf[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[GMT_BUFSIZ] = {""}, mfc[GMT_LEN64] = {""}, *t = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""}, the_date[GMT_LEN64] = {""}, the_clock[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64] = {""}, **list = NULL;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:826:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (label, "%d km ", (int)((annot_dist[ANNOT] - Ctrl->L.info.annot_int_dist) * factor));
data/gmt-6.1.1+dfsg/src/movie.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN128];
data/gmt-6.1.1+dfsg/src/movie.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN64], fill2[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/movie.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64], pen2[GMT_LEN64];
data/gmt-6.1.1+dfsg/src/movie.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *format[MOVIE_N_FORMATS];
data/gmt-6.1.1+dfsg/src/movie.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *options[MOVIE_N_FORMATS];
data/gmt-6.1.1+dfsg/src/movie.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64]; /* Canvas outline pen */
data/gmt-6.1.1+dfsg/src/movie.c:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[GMT_LEN8]; /* word separator(s) */
data/gmt-6.1.1+dfsg/src/movie.c:274:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (C->T.sep, " \t"); /* White space */
data/gmt-6.1.1+dfsg/src/movie.c:305:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->x.n_threads = atoi (arg);
data/gmt-6.1.1+dfsg/src/movie.c:455:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (I->fill, "lightred");
data/gmt-6.1.1+dfsg/src/movie.c:461:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (I->fill2, "lightgreen");
data/gmt-6.1.1+dfsg/src/movie.c:477:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'b': sprintf (I->pen, "%gp,blue", 0.1 * rint (I->width * 1.5 * 72.0)); break; /* Give default moving ring pen width (15% of width) and blue color */
data/gmt-6.1.1+dfsg/src/movie.c:478:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'c': sprintf (I->pen, "%gp,red", 0.1 * rint (I->width * 0.5 * 72.0)); break; /* Give default moving math angle pen width (5% of width) and red color */
data/gmt-6.1.1+dfsg/src/movie.c:479:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'd': sprintf (I->pen, "%gp,yellow", 0.1 * MIN (irint (I->width * 0.05 * 72.0), 80)); break; /* Give default crossbar pen width (0.5% of length) and color yellow */
data/gmt-6.1.1+dfsg/src/movie.c:480:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'e': sprintf (I->pen, "%gp,red", 0.1 * MIN (rint (I->width * 0.25 * 72.0), 80)); break; /* Give a variable pen thickness >= 8p in red */
data/gmt-6.1.1+dfsg/src/movie.c:488:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'b': sprintf (I->pen2, "%gp,lightblue", 0.1 * rint (I->width * 1.5 * 72.0)); break; /* Give default static ring pen width (15% of width) and color lightblue */
data/gmt-6.1.1+dfsg/src/movie.c:489:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'c': sprintf (I->pen2, "%gp,darkred,-", 0.1 * rint (I->width * 0.1 * 72.0)); break; /* Give default static ring dashed pen width (1% of width) and color darkred */
data/gmt-6.1.1+dfsg/src/movie.c:490:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'd': sprintf (I->pen2, "%gp,black", 0.1 * MIN (irint (I->width * 0.25 * 72.0), 80)); break; /* Give a variable pen thickness <= 8p in black */
data/gmt-6.1.1+dfsg/src/movie.c:491:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'e': sprintf (I->pen2, "%gp,lightgreen", 0.1 * MIN (irint (I->width * 0.25 * 72.0), 80)); break;/* Give a variable pen thickness <= 8p in lightgreen */
data/gmt-6.1.1+dfsg/src/movie.c:504:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (I->pen2, "%gp,black", 0.1 * MIN (irint (I->width * 0.15 * 72.0), 30));
data/gmt-6.1.1+dfsg/src/movie.c:506:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (I->fill, "red"); /* Give default moving color */
data/gmt-6.1.1+dfsg/src/movie.c:571:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'c': I->mode = MOVIE_LABEL_IS_COL_C; I->col = atoi (&t[1]); break;
data/gmt-6.1.1+dfsg/src/movie.c:572:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 't': I->mode = MOVIE_LABEL_IS_COL_T; I->col = atoi (&t[1]); break;
data/gmt-6.1.1+dfsg/src/movie.c:609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN32] = {""}, txt_b[GMT_LEN32] = {""}, arg[GMT_LEN64] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:646:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->A.loops = (p[1]) ? atoi (&p[1]) : 0;
data/gmt-6.1.1+dfsg/src/movie.c:650:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->A.stride = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/movie.c:845:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->H.factor = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/movie.c:913:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.frame = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/movie.c:918:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.frame = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/movie.c:983:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((Ctrl->S[k].fp = fopen (Ctrl->S[k].file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:996:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.precision = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/movie.c:999:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.start_frame = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/movie.c:1099:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (n_errors == 0 && ((Ctrl->E.fp = fopen (Ctrl->E.file, "r")) == NULL)) {
data/gmt-6.1.1+dfsg/src/movie.c:1106:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (n_errors == 0 && ((Ctrl->I.fp = fopen (Ctrl->I.file, "r")) == NULL)) {
data/gmt-6.1.1+dfsg/src/movie.c:1112:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (n_errors == 0 && ((Ctrl->In.fp = fopen (Ctrl->In.file, "r")) == NULL)) {
data/gmt-6.1.1+dfsg/src/movie.c:1174:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *movie_raster_format[2] = {"png", "PNG"}, *img_type[2] = {"opaque", "transparent"};
data/gmt-6.1.1+dfsg/src/movie.c:1175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *extension[3] = {"sh", "csh", "bat"}, *load[3] = {"source", "source", "call"}, *rmfile[3] = {"rm -f", "rm -f", "del"};
data/gmt-6.1.1+dfsg/src/movie.c:1176:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *rmdir[3] = {"rm -rf", "rm -rf", "rd /s /q"}, *export[3] = {"export ", "setenv ", ""};
data/gmt-6.1.1+dfsg/src/movie.c:1177:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mvfile[3] = {"mv -f", "mv -f", "move"}, *sc_call[3] = {"bash ", "csh ", "start /B"}, var_token[4] = "$$%";
data/gmt-6.1.1+dfsg/src/movie.c:1179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char init_file[PATH_MAX] = {""}, state_tag[GMT_LEN16] = {""}, state_prefix[GMT_LEN64] = {""}, param_file[PATH_MAX] = {""}, cwd[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pre_file[PATH_MAX] = {""}, post_file[PATH_MAX] = {""}, main_file[PATH_MAX] = {""}, line[PATH_MAX] = {""}, version[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN128] = {""}, extra[GMT_LEN256] = {""}, cmd[GMT_LEN256] = {""}, cleanup_file[PATH_MAX] = {""}, L_txt[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char png_file[PATH_MAX] = {""}, topdir[PATH_MAX] = {""}, workdir[PATH_MAX] = {""}, datadir[PATH_MAX] = {""}, frame_products[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intro_file[PATH_MAX] = {""}, *script_file = NULL, dir_sep = '/', which[2] = {"LP"}, spacer;
data/gmt-6.1.1+dfsg/src/movie.c:1380:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (init_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1420:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (pre_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1444:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script */
data/gmt-6.1.1+dfsg/src/movie.c:1493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}, cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1516:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_frames = n_data_frames = atoi (Ctrl->T.file);
data/gmt-6.1.1+dfsg/src/movie.c:1573:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (post_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1597:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script */
data/gmt-6.1.1+dfsg/src/movie.c:1638:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
I->ne = 4, strcpy (I->format, "%d %2.2d:%2.2d:%2.2d");
data/gmt-6.1.1+dfsg/src/movie.c:1640:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
I->ne = 3, strcpy (I->format, "%2.2d:%2.2d:%2.2d");
data/gmt-6.1.1+dfsg/src/movie.c:1642:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
I->ne = 2, strcpy (I->format, "%2.2d:%2.2d");
data/gmt-6.1.1+dfsg/src/movie.c:1644:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
I->ne = 1, strcpy (I->format, "%2.2d");
data/gmt-6.1.1+dfsg/src/movie.c:1683:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (state_tag, "%*.*d", precision, precision, frame);
data/gmt-6.1.1+dfsg/src/movie.c:1686:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (param_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1707:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (intro_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1713:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->E.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->E.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:1715:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mb../../");
data/gmt-6.1.1+dfsg/src/movie.c:1719:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htxt[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1720:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (htxt, ",H%d", Ctrl->H.factor);
data/gmt-6.1.1+dfsg/src/movie.c:1757:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script */
data/gmt-6.1.1+dfsg/src/movie.c:1799:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (state_tag, "%*.*d", precision, precision, frame + Ctrl->E.duration);
data/gmt-6.1.1+dfsg/src/movie.c:1802:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (param_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1827:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (Ctrl->E.active) sprintf (state_tag, "%*.*d", precision, precision, data_frame); /* Reset frame tag */
data/gmt-6.1.1+dfsg/src/movie.c:1838:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "MOVIE_COL%u", col);
data/gmt-6.1.1+dfsg/src/movie.c:1849:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "MOVIE_WORD%u", col++);
data/gmt-6.1.1+dfsg/src/movie.c:1859:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN256] = {""}, font[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1883:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (I->kind == 'F' && p == 0) strcat (label, "-R"); /* We will write a functioning -R option to plot the time-axis */
data/gmt-6.1.1+dfsg/src/movie.c:1891:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%*.*d", precision, precision, use_frame);
data/gmt-6.1.1+dfsg/src/movie.c:1899:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%3d%%", (int)irint (100.0 * t));
data/gmt-6.1.1+dfsg/src/movie.c:1918:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[GMT_LEN16] = {""}, clock[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1957:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (I->kind == 'F') strcat (label, "/0/1");
data/gmt-6.1.1+dfsg/src/movie.c:1967:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char master_file[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:1972:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (master_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:1988:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->K.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->K.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:1991:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "A+n+r"); /* No cropping, image size is fixed */
data/gmt-6.1.1+dfsg/src/movie.c:1993:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->G.mode & 1) strcat (extra, "+p"), strcat (extra, Ctrl->G.pen);
data/gmt-6.1.1+dfsg/src/movie.c:1994:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->G.mode & 2) strcat (extra, "+g"), strcat (extra, Ctrl->G.fill);
data/gmt-6.1.1+dfsg/src/movie.c:1998:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mb../../");
data/gmt-6.1.1+dfsg/src/movie.c:2004:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mb../movie_background.ps");
data/gmt-6.1.1+dfsg/src/movie.c:2006:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mb../../");
data/gmt-6.1.1+dfsg/src/movie.c:2010:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mf../movie_foreground.ps");
data/gmt-6.1.1+dfsg/src/movie.c:2012:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mf../../");
data/gmt-6.1.1+dfsg/src/movie.c:2017:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (line, ",H%d", Ctrl->H.factor);
data/gmt-6.1.1+dfsg/src/movie.c:2150:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (main_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/movie.c:2157:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->K.fill) {strcat (extra, "+g"); strcat (extra, Ctrl->K.fill);} /* Chose another fade color than black */
data/gmt-6.1.1+dfsg/src/movie.c:2160:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "A+n+r"); /* No cropping, image size is fixed */
data/gmt-6.1.1+dfsg/src/movie.c:2162:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->G.mode & 1) strcat (extra, "+p"), strcat (extra, Ctrl->G.pen);
data/gmt-6.1.1+dfsg/src/movie.c:2163:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->G.mode & 2) strcat (extra, "+g"), strcat (extra, Ctrl->G.fill);
data/gmt-6.1.1+dfsg/src/movie.c:2169:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mb../../");
data/gmt-6.1.1+dfsg/src/movie.c:2173:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mf../movie_foreground.ps");
data/gmt-6.1.1+dfsg/src/movie.c:2177:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (extra, ",Mf../../");
data/gmt-6.1.1+dfsg/src/movie.c:2181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htxt[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:2182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (htxt, ",H%d", Ctrl->H.factor);
data/gmt-6.1.1+dfsg/src/movie.c:2210:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (gmt_is_gmt_end_show (line)) sprintf (line, "gmt end\n"); /* Eliminate show from gmt end in this script */
data/gmt-6.1.1+dfsg/src/movie.c:2306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char files[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/movie.c:2310:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (files, "[02468]");
data/gmt-6.1.1+dfsg/src/movie.c:2312:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (files, "[05]");
data/gmt-6.1.1+dfsg/src/movie.c:2314:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (files, "[0]");
data/gmt-6.1.1+dfsg/src/movie.c:2316:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (files, "000");
data/gmt-6.1.1+dfsg/src/movie.c:2318:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (files, "00");
data/gmt-6.1.1+dfsg/src/movie.c:2335:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "verbose");
data/gmt-6.1.1+dfsg/src/movie.c:2337:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "warning");
data/gmt-6.1.1+dfsg/src/movie.c:2339:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "warning");
data/gmt-6.1.1+dfsg/src/movie.c:2341:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "quiet");
data/gmt-6.1.1+dfsg/src/movie.c:2342:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (png_file, "%%0%dd", precision);
data/gmt-6.1.1+dfsg/src/movie.c:2354:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *vpx[2] = {"libvpx", "libvpx-vp9"}, *pix_fmt[2] = {"yuv420p", "yuva420p"};
data/gmt-6.1.1+dfsg/src/movie.c:2357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "verbose");
data/gmt-6.1.1+dfsg/src/movie.c:2359:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "warning");
data/gmt-6.1.1+dfsg/src/movie.c:2361:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "warning");
data/gmt-6.1.1+dfsg/src/movie.c:2363:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (extra, "quiet");
data/gmt-6.1.1+dfsg/src/movie.c:2364:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (png_file, "%%0%dd", precision);
data/gmt-6.1.1+dfsg/src/movie.c:2379:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (cleanup_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/nearneighbor.c:229:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.min_sectors = atoi (&c[2]);
data/gmt-6.1.1+dfsg/src/nearneighbor.c:231:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.sectors = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/nearneighbor.c:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/nearneighbor.c:323:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"-a nearest:radius1=%f:radius2=%f:nodata=NaN", Ctrl->S.radius, Ctrl->S.radius);
data/gmt-6.1.1+dfsg/src/nearneighbor.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:362:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define PSL_rgb_copy(a,b) memcpy((void*)a,(void*)b,4*sizeof(double)); /* Copy RGB[T] triplets: a = b */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:404:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char colors[PSL_MAX_COLORS][3];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:422:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *PDF_transparency_modes[N_PDF_TRANSPARENCY_MODES] = {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:572:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *m_unit[4] = {"bytes", "kb", "Mb", "Gb"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64] = {""};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1147:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char quintuple[5] = { 0 };
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst_ptr, quintuple, olen);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst_ptr, delimiter, 3);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1490:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi (name);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1521:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *psl_scandcodes[16][5] = { /* Short-hand conversion for some European characters in both Undefined [0], Standard [1], Standard+ [2], ISOLatin1 [3], and ISOLatin1+ [4] encoding */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line[2] = {"N", "P S"}, *dump[2] = {"", "fs"}, *end[2] = {"start", "end"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2574:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line[2] = {"N", "P S"}, *dump[2] = {"", "fs"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (PSL->internal.font, PSL_standard_fonts, PSL_N_STANDARD_FONTS * sizeof (struct PSL_FONT));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3168:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen (fullname, "r")) == NULL) { /* File exist but opening fails? WTF! */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3205:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3210:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&text[len], "%c%d", mark, psl_ip (PSL, atof(pattern)));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3216:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&text[len], "] %d B", psl_ip (PSL, offset));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3219:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "[] 0 B"); /* Reset to continuous line */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3351:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3359:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "pattern%ld I", lrint(rgb[1]));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3415:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.bw_format, "%.3lg A"); /* Default format used for grayshade value */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3416:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.rgb_format, "%.3lg %.3lg %.3lg C"); /* Same, for RGB triplets */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3417:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.hsv_format, "%.3lg %.3lg %.3lg H"); /* Same, for HSV triplets */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3418:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.cmyk_format, "%.3lg %.3lg %.3lg %.3lg K"); /* Same, for CMYK quadruples */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[PSL_BUFSIZ], format[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3557:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%g", annotation_int); /* Try to compute a useful format */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3564:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "%%.%df", ndig);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3566:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (format, "%g");
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3716:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *colorspace[3] = {"Gray", "RGB", "CMYK"}; /* What kind of image we are writing */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3717:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *decode[3] = {"0 1", "0 1 0 1 0 1", "0 1 0 1 0 1 0 1"}; /* What kind of color decoding */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3718:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *type[3] = {"1", "4 /MaskColor[0]", "1 /Interpolate true"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3998:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *colorspace[3] = {"Gray", "RGB", "CMYK"}; /* What kind of image we are writing */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3999:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *decode[3] = {"0 1", "0 1 0 1 0 1", "0 1 0 1 0 1 0 1"}; /* What kind of color decoding */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4000:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *kind_mask[2] = {"image", "imagemask"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4344:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *uname[4] = {"cm", "inch", "meter", "point"}, xy[2] = {'x', 'y'};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PSL_encoding[64] = {""};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (PSL->init.page_size, page_size, 2 * sizeof(double));
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4394:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.bw_format, "%.3lg A"); /* Default format used for grayshade value */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4395:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.rgb_format, "%.3lg %.3lg %.3lg C"); /* Same, for RGB triplets */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4396:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.hsv_format, "%.3lg %.3lg %.3lg H"); /* Same, for HSV triplets */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4397:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (PSL->current.cmyk_format, "%.3lg %.3lg %.3lg %.3lg K"); /* Same, for CMYK quadruples */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4665:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (PSL->current.bw_format, "%%.%df A", n_decimals);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4666:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (PSL->current.rgb_format, "%%.%df %%.%df %%.%df C", n_decimals, n_decimals, n_decimals);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4667:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (PSL->current.hsv_format, "%%.%df %%.%df %%.%df H", n_decimals, n_decimals, n_decimals);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4668:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (PSL->current.cmyk_format, "%%.%df %%.%df %%.%df %%.%df K", n_decimals, n_decimals, n_decimals, n_decimals);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4714:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4721:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4728:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4729:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "%d F%d", psl_ip (PSL, size), PSL->current.font_no);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4735:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[PSL_BUFSIZ];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4798:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *align[4] = {"0", "-2 div", "neg", ""};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5182:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *op[4] = {"Z", "false charpath fs", "false charpath fs", "false charpath V S U fs"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5184:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *justcmd[12] = {"", "bl ", "bc ", "br ", "", "ml ", "mc ", "mr ", "", "tl ", "tc ", "tr "};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5186:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *align[4] = {"0", "-2 div", "neg", ""};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[2] = {"straight", "curved"}, *ext[2] = {"clip", "labels"};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5820:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5891:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buffer[4096] = {""}; /* Have to use this large array because sometimes we get the char encoding array, which is large. */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buffer[PSL_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5953:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((C->internal.fp = fopen (file, mode)) == NULL) {
data/gmt-6.1.1+dfsg/src/postscriptlight.h:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PSL_NAME_LEN];/* Name of this font */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[PSL_BUFSIZ]; /* Last text string plotted */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char style[512]; /* Current setdash pattern */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bw_format[8]; /* Format used for grayshade value */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rgb_format[64]; /* Same, for RGB color triplets */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hsv_format[64]; /* Same, for HSV color triplets (HSB in PS) */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmyk_format[64]; /* Same, for CMYK color quadruples */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transparency_mode[16]; /* PDF transparency mode */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_image[PSL_N_PATTERNS]; /* Name of user patterns */
data/gmt-6.1.1+dfsg/src/postscriptlight.h:315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[2]; /* 'r', 'a', 'f', 'c' depending on reference for new origin x and y coordinate */
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:180:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi (&opt->arg[k]);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)load, (void *)p, n * sizeof (double));
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)w_old, (void *)w, n * sizeof (double));
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)p, (void *)load, n * sizeof (double));
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[GMT_LEN256] = {""}, txt[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1394:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg, "BCs > ");
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1395:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->A.bc[LEFT] == BC_INFINITY) strcat (msg, "infinity at left edge + ");
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1396:46: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (Ctrl->A.bc[LEFT] == BC_PERIODIC) strcat (msg, "periodic at left edge + ");
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1399:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "plate clamped with deflection = %g at left edge + ", Ctrl->A.deflection[LEFT]);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1405:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "plate free with Moment = %g and Force = %g at left edge + ", Ctrl->A.moment[LEFT], Ctrl->A.force[LEFT]);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1408:42: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->A.bc[RIGHT] == BC_INFINITY) strcat (msg, "infinity at right edge.\n");
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1409:47: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (Ctrl->A.bc[RIGHT] == BC_PERIODIC) strcat (msg, "periodic at right edge.\n");
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1412:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "plate clamped with deflection = %g at right edge.\n", Ctrl->A.deflection[RIGHT]);
data/gmt-6.1.1+dfsg/src/potential/gmtflexure.c:1418:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "plate free with Moment = %g and Force = %g at right edge.\n", Ctrl->A.moment[RIGHT], Ctrl->A.force[RIGHT]);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:696:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->title, "Gravity field");
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:697:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->z_units, "mGal");
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:700:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->title, "Magnetic field");
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:701:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->z_units, "nT");
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:734:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%.9g"); /* Make sure we use enough decimals */
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:783:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_LEN256] = {""}, text[128] = {""}, ver_txt[128] = {""};
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[GMT_BUFSIZ] = {""}, t_or_b[4] = {""}, argument[GMT_LEN16] = {""}, combined[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:190:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (mod[0] == '\0') strcat (argument, "+l"); /* Leave trend alone -L */
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:191:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (mod[0] == 'm') strcat (argument, "+a"); /* Remove mean -Lm */
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:192:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (mod[0] == 'h') strcat (argument, "+h"); /* Remove mid-value -Lh */
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:251:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->E.n_terms = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:779:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->title, "Gravity anomalies");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:780:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->z_units, "mGal");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:792:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->title, "Geoid anomalies");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:793:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->z_units, "meter");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:796:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->title, "Vertical Gravity Gradient anomalies");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:797:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->z_units, "Eotvos");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:800:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->title, "Deflection of the vertical - East");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:801:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->z_units, "microradian");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:804:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->title, "Deflection of the vertical - North");
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:805:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Grid[0]->header->z_units, "microradian");
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:255:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN32] = {""}, B[GMT_LEN32] = {""}, C[GMT_LEN32] = {""}, e_unit, i_unit;
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:309:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *names[3] = {"yr", "kyr", "Myr"};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN16] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:929:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *FLX_response[6] = {"Elastic", "Viscoelastic", "Firmoviscous (1 layer)", "Firmoviscous (2 layer)", "Viscous (1 layer)", "Viscous (2 layer)"};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:961:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (file, "grdflexure_transfer_function_te_%3.3d_km.txt", irint (Ctrl->E.te[TE_INIT] * 0.001));
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:989:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, time_fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1044:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_arg[GMT_LEN256] = {""}, s_unit;
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1108:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (time_fmt, "%c"); /* Append the unit */
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1168:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remark[GMT_GRID_REMARK_LEN160] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:1195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[3];
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_BUFSIZ]; /* gmt_parse_R_option has this!!!! */
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:380:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Q.n_pad = atoi(&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:553:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Ctrl->Q.region, "%f/%f/%f/%f", wesn_new[XLO] - Ctrl->Q.pad_dist,
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:947:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->title, "Gravity field");
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:948:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->z_units, "mGal");
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:951:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->title, "Magnetic field");
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:952:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->z_units, "nT");
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:1166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabs[16] = {""}, frmt[64] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1063:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1343:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gfilt->header->title, "Reduction To the Pole filter");
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1344:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gfilt->header->x_units, "radians");
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1345:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gfilt->header->y_units, "radians");
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1521:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->title, "Anomaly reducted to the pole");
data/gmt-6.1.1+dfsg/src/potential/grdredpol.c:1522:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Gout->header->z_units, "nT");
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char T1[GMT_LEN32] = {""}, T2[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_x[GMT_LEN64], txt_y[GMT_LEN64], s_unit;
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit, unit_name[8], file[PATH_MAX] = {""}, time_fmt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:598:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (time_fmt, "%c"); /* Append the unit */
data/gmt-6.1.1+dfsg/src/potential/grdseamount.c:874:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, tmp[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/potential/talwani2d.c:523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *uname[2] = {"meter", "km"}, *kind[4] = {"FAA", "VGG", "GEOID", "FAA(2.5-D)"};
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[32] = {""};
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:652:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (file, "dump.%g.txt", x_obs);
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:653:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (file, "w");
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:657:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (file, "dump.%g.txt", x_obs);
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:658:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (file, "w");
data/gmt-6.1.1+dfsg/src/potential/talwani3d.c:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *uname[2] = {"meter", "km"}, *kind[3] = {"FAA", "VGG", "GEOID"}, remark[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/project.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[PROJECT_N_FARGS]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/project.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, p[GMT_LEN256] = {""}, *ce = NULL, *ch = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/project.c:969:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[2] = {"Great", "Small"};
data/gmt-6.1.1+dfsg/src/psbasemap.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[3] = {"Specify a rectangular panel for the map inset", "Specify a rectangular panel behind the map scale", "Specify a rectangular panel behind the map rose"};
data/gmt-6.1.1+dfsg/src/psbasemap.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[GMT_BUFSIZ] = {""}, *kind[2] = {"regular", "oblique"};
data/gmt-6.1.1+dfsg/src/psclip.c:147:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->C.n = atoi (&opt->arg[0]);
data/gmt-6.1.1+dfsg/src/pscoast.c:407:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ks = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/pscoast.c:511:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->debug.bin = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/pscoast.c:533:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {"-R"}, text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/pscoast.c:673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_J[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/pscoast.c:720:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shore_resolution[5] = {"full", "high", "intermediate", "low", "crude"};
data/gmt-6.1.1+dfsg/src/pscoast.c:833:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ] = {""}, *kind[3] = {"Coastlines", "Political boundaries", "Rivers"}, *version = NULL, *title = NULL, *source = NULL;
data/gmt-6.1.1+dfsg/src/pscoast.c:863:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (header, "Country polygons extracted from the DCW database\n");
data/gmt-6.1.1+dfsg/src/pscoast.c:1116:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "Shore Bin # %d, Level %d", bin, p[i].level);
data/gmt-6.1.1+dfsg/src/pscoast.c:1192:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "River Bin # %d, Level %d", bin, p[i].level);
data/gmt-6.1.1+dfsg/src/pscoast.c:1262:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (GMT->current.io.segment_header, "Border Bin # %d, Level %d", bin, p[i].level);
data/gmt-6.1.1+dfsg/src/pscontour.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lbl[2], *def[2] = {"-", "+"};
data/gmt-6.1.1+dfsg/src/pscontour.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/pscontour.c:570:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/pscontour.c:695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cont_label[GMT_LEN256] = {""}, format[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pscontour.c:696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tri_algorithm[2] = {"Watson", "Shewchuk"};
data/gmt-6.1.1+dfsg/src/psconvert.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/psconvert.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN128] = {""}, p[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, txt_c[GMT_LEN64] = {""}, txt_d[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:717:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->H.factor = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/psconvert.c:765:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (mode < PSC_GEO) Ctrl->Q.bits[mode] = (opt->arg[1]) ? atoi (&opt->arg[1]) : 4;
data/gmt-6.1.1+dfsg/src/psconvert.c:863:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *layer[2] = {"Back", "Fore"};
data/gmt-6.1.1+dfsg/src/psconvert.c:942:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char alpha[48];
data/gmt-6.1.1+dfsg/src/psconvert.c:952:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (c, " -dGraphicsAlphaBits=%d", bits);
data/gmt-6.1.1+dfsg/src/psconvert.c:961:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (c, " -dTextAlphaBits=%d", bits);
data/gmt-6.1.1+dfsg/src/psconvert.c:988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN512] = {""}, buf[GMT_LEN128] = {""}, t[32] = {""}, *pch, c;
data/gmt-6.1.1+dfsg/src/psconvert.c:1096:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "BoundingBox: 0 0 %.0f %.0f", ceil(*w), ceil(*h));
data/gmt-6.1.1+dfsg/src/psconvert.c:1105:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "HiResBoundingBox: 0 0 %.4f %.4f", *w, *h);
data/gmt-6.1.1+dfsg/src/psconvert.c:1118:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(r == 0) ? sprintf(buf, "%.3f %.3f translate", xt, yt) : sprintf(buf, "%d rotate\n%.3f %.3f translate", r, xt, yt);
data/gmt-6.1.1+dfsg/src/psconvert.c:1118:60: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(r == 0) ? sprintf(buf, "%.3f %.3f translate", xt, yt) : sprintf(buf, "%d rotate\n%.3f %.3f translate", r, xt, yt);
data/gmt-6.1.1+dfsg/src/psconvert.c:1128:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(r == 0) ? sprintf(buf, "%.3f %.3f translate", xt + old_xt, yt + old_xt) : sprintf(buf, "%d rotate\n%.3f %.3f translate", r, xt + old_xt, yt + old_xt);
data/gmt-6.1.1+dfsg/src/psconvert.c:1128:79: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(r == 0) ? sprintf(buf, "%.3f %.3f translate", xt + old_xt, yt + old_xt) : sprintf(buf, "%d rotate\n%.3f %.3f translate", r, xt + old_xt, yt + old_xt);
data/gmt-6.1.1+dfsg/src/psconvert.c:1154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024] = {""}, buf[GMT_LEN128], t[16] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:1175:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (cmd, " -sDEVICE=ppmraw -sOutputFile=- -");
data/gmt-6.1.1+dfsg/src/psconvert.c:1254:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dim[GMT_X] = atoi (t);
data/gmt-6.1.1+dfsg/src/psconvert.c:1262:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dim[GMT_Y] = atoi (t);
data/gmt-6.1.1+dfsg/src/psconvert.c:1317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:1336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:1346:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (t, "psconvert_tmp");
data/gmt-6.1.1+dfsg/src/psconvert.c:1350:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out_file, t); strcat (out_file, " -");
data/gmt-6.1.1+dfsg/src/psconvert.c:1354:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out_file, " -");
data/gmt-6.1.1+dfsg/src/psconvert.c:1367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:1373:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (newfile, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_file[PATH_MAX] = "", no_U_file[PATH_MAX] = "", clean_PS_file[PATH_MAX] = "", tmp_file[PATH_MAX] = "",
data/gmt-6.1.1+dfsg/src/psconvert.c:1455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *device[N_GS_DEVICES] = {"", "pdfwrite", "svg", "jpeg", "png16m", "ppmraw", "tiff24nc", "bmp16m", "pngalpha",
data/gmt-6.1.1+dfsg/src/psconvert.c:1457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *device_options[N_GS_DEVICES] = {
data/gmt-6.1.1+dfsg/src/psconvert.c:1472:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ext[N_GS_DEVICES] = {".eps", ".pdf", ".svg", ".jpg", ".png", ".ppm", ".tif", ".bmp", ".png", ".jpg", ".png", ".tif", ".bmp"};
data/gmt-6.1.1+dfsg/src/psconvert.c:1473:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *RefLevel[N_KML_ELEVATIONS] = {"clampToGround", "relativeToGround", "absolute", "relativeToSeaFloor", "clampToSeaFloor"};
data/gmt-6.1.1+dfsg/src/psconvert.c:1475:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char at_sign[2] = "@";
data/gmt-6.1.1+dfsg/src/psconvert.c:1477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char at_sign[2] = "";
data/gmt-6.1.1+dfsg/src/psconvert.c:1746:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file_processing && (fp = fopen (ps_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1761:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen (no_U_file, "w+")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1838:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpb = fopen (BB_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1921:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpo = fopen (tmp_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1931:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpo = fopen (tmp_file, "w+")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1949:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x0 = atoi (c1); y0 = atoi (c2);
data/gmt-6.1.1+dfsg/src/psconvert.c:1949:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x0 = atoi (c1); y0 = atoi (c2);
data/gmt-6.1.1+dfsg/src/psconvert.c:1950:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x1 = atoi (c3); y1 = atoi (c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:1950:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x1 = atoi (c3); y1 = atoi (c4);
data/gmt-6.1.1+dfsg/src/psconvert.c:2136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t1[GMT_LEN8], t2[GMT_LEN8]; /* To hold the translate part when landscape */
data/gmt-6.1.1+dfsg/src/psconvert.c:2137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t3[128]; /* To hold a copy of the last commented (%%) line */
data/gmt-6.1.1+dfsg/src/psconvert.c:2318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[16] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:2331:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out_file, "_intermediate");
data/gmt-6.1.1+dfsg/src/psconvert.c:2354:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (resolution, "-g%dx%d -r%g -dDownScaleFactor=%d", pix_w * Ctrl->H.factor, pix_h * Ctrl->H.factor, Ctrl->E.dpi * Ctrl->H.factor, Ctrl->H.factor);
data/gmt-6.1.1+dfsg/src/psconvert.c:2356:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (resolution, "-g%dx%d -r%g", pix_w, pix_h, Ctrl->E.dpi);
data/gmt-6.1.1+dfsg/src/psconvert.c:2395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pdf_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psconvert.c:2430:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out_file, ".ps");
data/gmt-6.1.1+dfsg/src/psconvert.c:2464:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_raw = fopen (out_file, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:2518:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char world_file[PATH_MAX] = "", *wext = NULL, *s = NULL;
data/gmt-6.1.1+dfsg/src/psconvert.c:2560:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpw = fopen (world_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:2578:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (world_file, ".tiff");
data/gmt-6.1.1+dfsg/src/psconvert.c:2601:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kml_file[PATH_MAX] = "";
data/gmt-6.1.1+dfsg/src/psconvert.c:2613:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (kml_file, ".kml");
data/gmt-6.1.1+dfsg/src/psconvert.c:2615:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpw = fopen (kml_file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psconvert.c:2720:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[GMT_LEN256] = {""}, ver[GMT_LEN8] = {""}, *ptr;
data/gmt-6.1.1+dfsg/src/psconvert.c:2721:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[32] = "SOFTWARE\\GPL Ghostscript\\";
data/gmt-6.1.1+dfsg/src/psconvert.c:2769:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ver, "%.2f", maxVersion);
data/gmt-6.1.1+dfsg/src/psevents.c:330:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "%c", opt->arg[0]); /* Just the symbol code */
data/gmt-6.1.1+dfsg/src/psevents.c:336:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "%c", opt->arg[0]); /* Just the symbol code */
data/gmt-6.1.1+dfsg/src/psevents.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_file_symbols[PATH_MAX] = {""}, tmp_file_labels[PATH_MAX] = {""}, cmd[BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/psevents.c:509:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_symbols = fopen (tmp_file_symbols, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psevents.c:585:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_labels = fopen (tmp_file_labels, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/psevents.c:633:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->C.active) {strcat (cmd, " -C"); strcat (cmd, Ctrl->C.file);}
data/gmt-6.1.1+dfsg/src/psevents.c:634:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->G.active) {strcat (cmd, " -G"); strcat (cmd, Ctrl->G.color);}
data/gmt-6.1.1+dfsg/src/psevents.c:635:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->W.pen) {strcat (cmd, " -W"); strcat (cmd, Ctrl->W.pen);}
data/gmt-6.1.1+dfsg/src/psevents.c:652:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->D.active) {strcat (cmd, " -D"); strcat (cmd, Ctrl->D.string);}
data/gmt-6.1.1+dfsg/src/psevents.c:653:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->F.active) {strcat (cmd, " -F"); strcat (cmd, Ctrl->F.string);}
data/gmt-6.1.1+dfsg/src/pshistogram.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/pshistogram.c:402:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (label, "%d", irint (F->boxh[ibox]));
data/gmt-6.1.1+dfsg/src/pshistogram.c:659:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/pshistogram.c:763:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/pshistogram.c:1050:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "xmin\txmax\tymin\tymax from pshistogram -I -T%g -Z%u", Ctrl->T.T.inc, Ctrl->Z.mode);
data/gmt-6.1.1+dfsg/src/pshistogram.c:1051:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->F.active) strcat (format, " -F");
data/gmt-6.1.1+dfsg/src/pshistogram.c:1132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Rtxt[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/pshistogram.c:1135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Rtxt, "%.16g/%.16g/%.16g/%.16g", GMT->common.R.wesn[XLO], GMT->common.R.wesn[XHI], GMT->common.R.wesn[YLO], GMT->common.R.wesn[YHI]);
data/gmt-6.1.1+dfsg/src/psimage.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/psimage.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[4] = {""};
data/gmt-6.1.1+dfsg/src/psimage.c:160:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (string, "+j");
data/gmt-6.1.1+dfsg/src/psimage.c:309:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4], magic_ps[4] = {'%', '!', 'P', 'S'};
data/gmt-6.1.1+dfsg/src/psimage.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, *file = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/psimage.c:406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char colormap[4*256];
data/gmt-6.1.1+dfsg/src/pslegend.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xx[GMT_LEN256] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yy[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""}, txt_e[GMT_LEN256] = {""}, string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:254:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmparg[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_e[GMT_LEN256] = {""}, txt_f[GMT_LEN256] = {""}, key[GMT_LEN256] = {""}, sub[GMT_LEN256] = {""}, just;
data/gmt-6.1.1+dfsg/src/pslegend.c:442:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[GMT_LEN256] = {""}, symbol[GMT_LEN256] = {""}, text[GMT_BUFSIZ] = {""}, image[GMT_BUFSIZ] = {""}, xx[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yy[GMT_LEN256] = {""}, size[GMT_LEN256] = {""}, angle[GMT_LEN256] = {""}, mapscale[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font[GMT_LEN256] = {""}, lspace[GMT_LEN256] = {""}, tw[GMT_LEN256] = {""}, jj[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bar_cpt[GMT_LEN256] = {""}, bar_gap[GMT_LEN256] = {""}, bar_height[GMT_LEN256] = {""}, bar_modifiers[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_options[GMT_LEN256] = {""}, r_options[GMT_LEN256] = {""}, xy_mode[3] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txtcolor[GMT_LEN256] = {""}, def_txtcolor[GMT_LEN256] = {""}, buffer[GMT_BUFSIZ] = {""}, A[GMT_LEN32] = {""}, legend_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, B[GMT_LEN32] = {""}, C[GMT_LEN32] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pslegend.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *plot_points[2] = {"psxy", "plot"}, *plot_text[2] = {"pstext", "text"};
data/gmt-6.1.1+dfsg/src/pslegend.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dname[N_DAT] = {"symbol", "front", "qline", "textline", "partext"};
data/gmt-6.1.1+dfsg/src/pslegend.c:577:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height += (txt_a[strlen(txt_a)-1] == 'l') ? atoi (txt_a) * one_line_spacing : gmt_M_to_inch (GMT, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:680:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (n_columns == 1 && (pos = atoi (&line[2])) > 1) n_columns = pos;
data/gmt-6.1.1+dfsg/src/pslegend.c:1055:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row_height = (txt_a[strlen(txt_a)-1] == 'l') ? atoi (txt_a) * one_line_spacing : gmt_M_to_inch (GMT, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1201:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_d[0] == 'f') strcat (txt_c, "+f"); /* Wanted fancy scale so append +f to length */
data/gmt-6.1.1+dfsg/src/pslegend.c:1254:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " --GMT_HISTORY=false");
data/gmt-6.1.1+dfsg/src/pslegend.c:1280:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (n_columns == 1 && (pos = atoi (&line[2])) > 1) { /* Set number of columns and indicate equal widths */
data/gmt-6.1.1+dfsg/src/pslegend.c:1306:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || size[0] == '-') sprintf (size, "%g", GMT->current.setting.font_annot[GMT_PRIMARY].size);
data/gmt-6.1.1+dfsg/src/pslegend.c:1307:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || font[0] == '-') sprintf (font, "%d", GMT->current.setting.font_annot[GMT_PRIMARY].id);
data/gmt-6.1.1+dfsg/src/pslegend.c:1328:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || xx[0] == '-') sprintf (xx, "%g", col_left_x);
data/gmt-6.1.1+dfsg/src/pslegend.c:1329:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || yy[0] == '-') sprintf (yy, "%g", row_base_y);
data/gmt-6.1.1+dfsg/src/pslegend.c:1332:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || key[0] == '-') sprintf (key, "TL");
data/gmt-6.1.1+dfsg/src/pslegend.c:1333:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || lspace[0] == '-') sprintf (lspace, "%gi", one_line_spacing);
data/gmt-6.1.1+dfsg/src/pslegend.c:1334:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n == 0 || tw[0] == '-') sprintf (tw, "%gi", Ctrl->D.dim[GMT_X] - 2.0 * Ctrl->C.off[GMT_X]);
data/gmt-6.1.1+dfsg/src/pslegend.c:1388:52: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (symbol[0] == '-' && !strcmp (size, "-")) sprintf (size, "%gi", def_size); /* If no size given then we must pick what we learned above */
data/gmt-6.1.1+dfsg/src/pslegend.c:1404:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (B, "-1"); /* One centered tick */
data/gmt-6.1.1+dfsg/src/pslegend.c:1410:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sub, "+l+b"); /* Box to the left of the line is our default front symbol */
data/gmt-6.1.1+dfsg/src/pslegend.c:1414:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_c[0] != '-') {strcat (buffer, " -G"); strcat (buffer, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1415:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_d[0] != '-') {strcat (buffer, " -W"); strcat (buffer, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1439:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_d[0] != '-') {strcat (buffer, " -W"); strcat (buffer, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1463:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sub, "%c", symbol[0]);
data/gmt-6.1.1+dfsg/src/pslegend.c:1522:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sub, "+jc");
data/gmt-6.1.1+dfsg/src/pslegend.c:1525:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sub, "v%gi+jc+e", 0.3*x); /* Head size is 30% of length */
data/gmt-6.1.1+dfsg/src/pslegend.c:1526:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_c[0] == '-') strcat (sub, "+g-");
data/gmt-6.1.1+dfsg/src/pslegend.c:1527:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else { strcat (sub, "+g"); strcat (sub, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1528:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_d[0] == '-') strcat (sub, "+p-");
data/gmt-6.1.1+dfsg/src/pslegend.c:1534:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sub, "+p"); strcat (sub, gmt_putpen (API->GMT, &pen));
data/gmt-6.1.1+dfsg/src/pslegend.c:1586:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sub, "m%gi+b+e", 0.3*x); /* Double heads, head size 30% of diameter */
data/gmt-6.1.1+dfsg/src/pslegend.c:1588:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_c[0] == '-') strcat (sub, "+g-");
data/gmt-6.1.1+dfsg/src/pslegend.c:1589:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else { strcat (sub, "+g"); strcat (sub, txt_c);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1590:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (txt_d[0] == '-') strcat (sub, "+p-");
data/gmt-6.1.1+dfsg/src/pslegend.c:1591:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else { strcat (sub, "+p"); strcat (sub, txt_d);}
data/gmt-6.1.1+dfsg/src/pslegend.c:1623:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "-G"); strcat (buffer, txt_c);
data/gmt-6.1.1+dfsg/src/pslegend.c:1624:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " -W"); strcat (buffer, txt_d);
data/gmt-6.1.1+dfsg/src/pslegend.c:1873:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psmask.c:510:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Q.min = atoi (&opt->arg[k + 2]);
data/gmt-6.1.1+dfsg/src/psmask.c:569:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->Q.min = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/psrose.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *choice[2] = {"OFF", "ON"};
data/gmt-6.1.1+dfsg/src/psrose.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/psrose.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_BUFSIZ] = {""}, format[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/psrose.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[2] = {"r", "bin sum"};
data/gmt-6.1.1+dfsg/src/psrose.c:704:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "n\tmean_az\tmean_r\tmean_resultant_length\tmax\tscaled_mean_r\tlinear_length_sum");
data/gmt-6.1.1+dfsg/src/psrose.c:951:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "mean_az\tmean_r\tmean_resultant\tmax\tscaled_mean_r\tlength_sum\tn\tsign@%.2f", Ctrl->Q.value);
data/gmt-6.1.1+dfsg/src/psrose.c:1080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/psrose.c:1101:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "0%c", (int)GMT->current.setting.ps_encoding.code[GMT->current.setting.map_degree_symbol]); Ctrl->L.n = strdup (text);
data/gmt-6.1.1+dfsg/src/psrose.c:1134:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (format, " %s");
data/gmt-6.1.1+dfsg/src/psscale.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/psscale.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_c[GMT_LEN256] = {""}, txt_d[GMT_LEN256] = {""}, txt_e[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psscale.c:373:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra[GMT_LEN256] = {""}, p[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psscale.c:388:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, "+c%gi/%gi/%gi/%gi", off[XLO], off[XHI], off[YLO], off[YHI]);
data/gmt-6.1.1+dfsg/src/psscale.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""}, new_format[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/psscale.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN256] = {""}, text[GMT_LEN256] = {""}, test[GMT_LEN256] = {""}, unit[GMT_LEN256] = {""}, label[GMT_LEN256] = {""}, endash;
data/gmt-6.1.1+dfsg/src/psscale.c:656:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *method[2] = {"polygons", "colorimage"};
data/gmt-6.1.1+dfsg/src/psscale.c:850:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%ld", lrint (floor (P->data[0].z_low)));
data/gmt-6.1.1+dfsg/src/psscale.c:851:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (test, "%ld", lrint (ceil (center ? P->data[P->n_colors-1].z_low : P->data[P->n_colors-1].z_high)));
data/gmt-6.1.1+dfsg/src/psscale.c:1178:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "10@+%d@+", p_val);
data/gmt-6.1.1+dfsg/src/psscale.c:1204:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "10@+%d@+", p_val);
data/gmt-6.1.1+dfsg/src/psscale.c:1300:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%ld - %ld", lrint (floor (P->data[0].z_low)), lrint (ceil (P->data[0].z_high)));
data/gmt-6.1.1+dfsg/src/psscale.c:1301:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (test, "%ld - %ld", lrint (floor (P->data[P->n_colors-1].z_low)), lrint (ceil (P->data[P->n_colors-1].z_high)));
data/gmt-6.1.1+dfsg/src/psscale.c:1307:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "%ld", lrint (floor (P->data[0].z_low)));
data/gmt-6.1.1+dfsg/src/psscale.c:1308:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (test, "%ld", lrint (ceil (center ? P->data[P->n_colors-1].z_low : P->data[P->n_colors-1].z_high)));
data/gmt-6.1.1+dfsg/src/psscale.c:1464:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "10@+%d@+", p_val);
data/gmt-6.1.1+dfsg/src/psscale.c:1484:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "10@+%d@+", p_val);
data/gmt-6.1.1+dfsg/src/psscale.c:1551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psscale.c:1631:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%gil/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1637:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%giT/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1639:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%gi/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1665:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%gil/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1667:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%giT/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1669:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "X%gi/%gi", Ctrl->D.dim[GMT_X], Ctrl->D.dim[GMT_Y]);
data/gmt-6.1.1+dfsg/src/psscale.c:1688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN256] = {""}, group_sep[2] = {" "}, *tmp = NULL;
data/gmt-6.1.1+dfsg/src/pssolar.c:109:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'z': *TZ = atoi(&p[1]); break;
data/gmt-6.1.1+dfsg/src/pssolar.c:403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pssolar.c:477:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "Sun current position:");
data/gmt-6.1.1+dfsg/src/pssolar.c:479:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "\tLongitude = %f", -Sun->HourAngle);
data/gmt-6.1.1+dfsg/src/pssolar.c:481:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "\tLatitude = %f", Sun->SolarDec);
data/gmt-6.1.1+dfsg/src/pssolar.c:483:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "\tAzimuth = %.4f", Sun->SolarAzim);
data/gmt-6.1.1+dfsg/src/pssolar.c:485:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "\tElevation = %.4f", Sun->SolarElevation);
data/gmt-6.1.1+dfsg/src/pssolar.c:489:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record, "\nSunrise? No, not yet, sun is under the horizon.");
data/gmt-6.1.1+dfsg/src/pssolar.c:494:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record, "\n\tSunrise = %02d:%02d", hour, min); GMT_Put_Record(API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/pssolar.c:496:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record, "\tSunset = %02d:%02d", hour, min); GMT_Put_Record(API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/pssolar.c:498:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record, "\tNoon = %02d:%02d", hour, min); GMT_Put_Record(API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/pssolar.c:500:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(record, "\tDuration = %02d:%02d", hour, min); GMT_Put_Record(API, GMT_WRITE_DATA, Out);
data/gmt-6.1.1+dfsg/src/pssolar.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *terms[4] = {"Day/night", "Civil", "Nautical", "Astronomical"};
data/gmt-6.1.1+dfsg/src/psternary.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlabel[3][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/psternary.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psternary.c:290:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gopt[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/psternary.c:312:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bopt[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/psternary.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN256] = {""}, code, *name = "ABC", cmode[3] = {""}, *g = NULL;
data/gmt-6.1.1+dfsg/src/psternary.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vfile[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/psternary.c:532:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->C.active) {strcat (cmd, " -C"); if (Ctrl->C.string) strcat (cmd, Ctrl->C.string);}
data/gmt-6.1.1+dfsg/src/psternary.c:533:29: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (Ctrl->G.active) {strcat (cmd, " -G"); strcat (cmd, Ctrl->G.string);}
data/gmt-6.1.1+dfsg/src/psternary.c:534:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Ctrl->W.active) {strcat (cmd, " -W"); strcat (cmd, Ctrl->W.string);}
data/gmt-6.1.1+dfsg/src/pstext.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read[4]; /* Contains a|A, c, f, and/or j in order required to be read from input */
data/gmt-6.1.1+dfsg/src/pstext.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[GMT_LEN256] = {""}, angle[GMT_LEN256] = {""}, font[GMT_LEN256] = {""}, just[GMT_LEN256] = {""}, txt[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spacing[GMT_LEN256] = {""}, width[GMT_LEN256] = {""}, pjust[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, p[GMT_BUFSIZ] = {""}, *c = NULL, *q = NULL;
data/gmt-6.1.1+dfsg/src/pstext.c:515:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->F.first = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/pstext.c:621:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->F.w_col = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/pstext.c:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_x[GMT_LEN256] = {""}, txt_y[GMT_LEN256] = {""}, txt_z[GMT_LEN256] = {""}, txt_t[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_BUFSIZ] = {""}, cp_line[GMT_BUFSIZ] = {""}, label[GMT_BUFSIZ] = {""}, buffer[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pjust_key[5] = {""}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_f[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:767:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_size[GMT_LEN256] = {""}, this_font[GMT_LEN256] = {""}, just_key[5] = {""};
data/gmt-6.1.1+dfsg/src/pstext.c:918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmode_type[2] = {"with", "with no"}, *rtype[4] = {"", "data", "text", "mixed"};
data/gmt-6.1.1+dfsg/src/pstext.c:1193:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (label, "%d", rec_number++);
data/gmt-6.1.1+dfsg/src/pswiggle.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/pswiggle.c:202:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "%g", length);
data/gmt-6.1.1+dfsg/src/pswiggle.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, *units = NULL, *c = NULL;
data/gmt-6.1.1+dfsg/src/psxy.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_VF_LEN] = {""}, buffer[GMT_BUFSIZ] = {""}, tmp_file[PATH_MAX] = {""}, kode[2] = {'K', 'k'};
data/gmt-6.1.1+dfsg/src/psxy.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_BUFSIZ] = {""}, path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/psxy.c:312:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_file, "GMT_symbol%d.def", (int)getpid());
data/gmt-6.1.1+dfsg/src/psxy.c:315:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (tmp_file, "w")) == NULL) { /* Disaster */
data/gmt-6.1.1+dfsg/src/psxy.c:320:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fpc = fopen (path, "r"); /* We know the file exists from earlier parsing */
data/gmt-6.1.1+dfsg/src/psxy.c:351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_file2[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/psxy.c:357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_file2, "GMT_symbol%d.txt", (int)getpid());
data/gmt-6.1.1+dfsg/src/psxy.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *end[2] = {"start", "end"};
data/gmt-6.1.1+dfsg/src/psxy.c:591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/psxy.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/psxy.c:694:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/psxy.c:902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_args[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/psxy.c:2026:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (s_args, " -G");
data/gmt-6.1.1+dfsg/src/psxy.c:2028:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (s_args, " -W");
data/gmt-6.1.1+dfsg/src/psxyz.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/psxyz.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_args[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/sample1d.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[3] = {'l', 'a', 'c'};
data/gmt-6.1.1+dfsg/src/sample1d.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/sample1d.c:247:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:271:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:282:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/sample1d.c:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/sample1d.c:407:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%g", inc);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:132:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, start_substr, substr_len);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:134:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, s3, s3_len);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, start_substr, remains);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/gmt-6.1.1+dfsg/src/script2verbatim.c:175:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_in = fopen (argv[argc-2], "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/script2verbatim.c:180:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_out = fopen (argv[argc-1], "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:228:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->L.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:232:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:271:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->S.value = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:316:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bmask[8]={128, 64, 32, 16, 8, 4, 2, 1};
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reelhead[3200] = {""};
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:630:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &header[Ctrl->S.value], sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:671:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &data[iy], sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegy.c:673:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data[iy], &tmp, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *txt[2] = {NULL, NULL}, txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:237:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->L.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:241:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:288:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->S.value[k] = atoi (&txt[k][1]);
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:342:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bmask[8]={128, 64, 32, 16, 8, 4, 2, 1};
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:585:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reelhead[3200] = {""};
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:735:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &header[Ctrl->S.value[GMT_X]], sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &header[Ctrl->S.value[GMT_Y]], sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:802:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &data[iz], sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/pssegyz.c:804:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data[iz], &tmp, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy.h:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char station_name[6]; /* 180 Station Name code (5 chars + \0) */
data/gmt-6.1.1+dfsg/src/segy/segy.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sensor_serial[8]; /* 186 Sensor Serial code (7 chars + \0) */
data/gmt-6.1.1+dfsg/src/segy/segy.h:115:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel_name[4]; /* 194 Channel Name code (3 chars + \0) */
data/gmt-6.1.1+dfsg/src/segy/segy.h:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extrash[2]; /* 198 Extra unassigned bytes (2 chars) */
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:225:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->L.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:229:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->M.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:246:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->S.value = atoi (&opt->arg[1]);
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reelhead[3200] = {""};
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:436:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &data[isamp], sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:438:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data[isamp], &tmp, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:476:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &header[Ctrl->S.value], sizeof (uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:504:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tmp, &data[isamp], sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:506:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&data[isamp], &tmp, sizeof(uint32_t));
data/gmt-6.1.1+dfsg/src/segy/segy2grd.c:552:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (line, "NaN\n");
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newfile[PATH_MAX], extfile[PATH_MAX];
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:541:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Ctrl->A.newfile, "A%c%.1f_%.1f_%.1f_%.1f_%.0f_%.0f_%.0f_%.0f",
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:543:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Ctrl->A.extfile, "A%c%.1f_%.1f_%.1f_%.1f_%.0f_%.0f_%.0f_%.0f_map",
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:549:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Ctrl->A.newfile, "A%c%.1f_%.1f_%.0f_%.0f_%.0f_%.0f_%.0f_%.0f",
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:551:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Ctrl->A.extfile, "A%c%.1f_%.1f_%.0f_%.0f_%.0f_%.0f_%.0f_%.0f_map",
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:627:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:752:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_title[GMT_BUFSIZ] = {""}, Xstring[GMT_BUFSIZ] = {""}, Ystring[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:927:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pnew = fopen (Ctrl->A.newfile, "w");
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:928:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pext = fopen (Ctrl->A.extfile, "w");
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:1238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_code[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:1241:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (r_code, "%.16g/%.16g/%.16g/%.16g", GMT->common.R.wesn[XLO], GMT->common.R.wesn[XHI], GMT->common.R.wesn[YLO], GMT->common.R.wesn[YHI]);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:421:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_BUFSIZ] = {""}, Xstring[GMT_BUFSIZ] = {""}, Ystring[GMT_BUFSIZ] = {""}, event_title[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:225:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:226:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_c[GMT_LEN64] = {""}, txt_d[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN64] = {""}, txt_b[GMT_LEN64] = {""}, *p = NULL;
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:437:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[4][GMT_LEN64], pol, stacode[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/seis/pssac.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keys[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/seis/pssac.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keys[GMT_LEN256];
data/gmt-6.1.1+dfsg/src/seis/pssac.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/seis/pssac.c:368:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->T.tmark = atoi (&p[1]);
data/gmt-6.1.1+dfsg/src/seis/pssac.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}; /* Full path to sac file */
data/gmt-6.1.1+dfsg/src/seis/pssac.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN256] = {""}, file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/seis/pssac.c:820:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (Ctrl->E.keys[1] != '\0') user = atoi(&Ctrl->E.keys[1]);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:112:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((strm = fopen(name, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:142:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((strm = fopen(name, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xdata, data, npts*SAC_DATA_SIZEOF);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ydata, data+npts, npts*SAC_DATA_SIZEOF);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:240:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((strm = fopen(name, "wb")) == NULL) {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:292:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ar, xdata, sz);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ar+npts, ydata, sz);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:336:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((strm = fopen(name, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:445:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char fields[SAC_HEADER_NUMBERS+SAC_HEADER_STRINGS][10] = {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:506:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((strm = fopen(name, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/seis/sacio.c:598:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr1, ptr2, 8);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr1, ptr2, 16);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:609:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr1, ptr2, 8);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:730:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, 8);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:734:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, 16);
data/gmt-6.1.1+dfsg/src/seis/sacio.c:739:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, 8);
data/gmt-6.1.1+dfsg/src/seis/sacio.h:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kstnm[9]; /* F station name */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kevnm[18]; /* event name */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char khole[9]; /* nuclear: hole id; Other: location id; */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ko[9]; /* event origin time id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ka[9]; /* 1st arrival time id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt0[9]; /* time pick 0 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt1[9]; /* time pick 1 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt2[9]; /* time pick 2 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt3[9]; /* time pick 3 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt4[9]; /* time pick 4 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt5[9]; /* time pick 5 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt6[9]; /* time pick 6 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt7[9]; /* time pick 7 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt8[9]; /* time pick 8 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kt9[9]; /* time pick 9 id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kf[9]; /* end of event id */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kuser0[9]; /* User defined variable storage area */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kuser1[9]; /* User defined variable storage area */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kuser2[9]; /* User defined variable storage area */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kcmpnm[9]; /* F channel name, three characters */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char knetwk[9]; /* name of seismic network */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kdatrd[9]; /* date data was read onto computer */
data/gmt-6.1.1+dfsg/src/seis/sacio.h:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kinst[9]; /* generic name of recording instrument */
data/gmt-6.1.1+dfsg/src/spectrum1d.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[SPECTRUM1D_N_OUTPUT_CHOICES]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/spectrum1d.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/spectrum1d.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/spectrum1d.c:652:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/sph2grd.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN32] = {""}, B[GMT_LEN32] = {""}, D[GMT_LEN32] = {""}, E[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/sph2grd.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/sphinterpolate.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[32], txt_b[32], txt_c[32];
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segment_header[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segment_header[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmode[2] = {"Delaunay", "Voronoi"}, header[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:702:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (Ctrl->A.active) sprintf (header, "sphtriangulate nodes (lon, lat, area)");
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:703:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (header, "sphtriangulate nodes (lon, lat)");
data/gmt-6.1.1+dfsg/src/splitxyz.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[SPLITXYZ_N_OUTPUT_CHOICES]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/splitxyz.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/splitxyz.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[50] = {""}; /* What kind of line (flowline or hotspot track) */
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[8] = {""}; /* From or To */
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *emode[2] = {"trail", "flow"};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fmode[2] = {"back", "for"};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:453:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[GMT_LEN32] = {""}, cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:453:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[GMT_LEN32] = {""}, cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:454:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmpfile, "gmt_half_rots.%d", (int)getpid());
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:454:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf (tmpfile, "gmt_half_rots.%d", (int)getpid());
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:455:71: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf (cmd, "%s -M%g -Fs ->%s", Ctrl->E.rot.file, Ctrl->M.value, tmpfile);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:460:30: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sval = spotter_init (GMT, tmpfile, &p, Ctrl->L.mode, Ctrl->W.active, Ctrl->E.rot.invert, &Ctrl->N.t_upper);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:461:26: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
gmt_remove_file (GMT, tmpfile);
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:474:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(Ctrl->L.mode == SPOTTER_FLOWLINE) ? sprintf (type, "Flowline") : sprintf (type, "Hotspot track");
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:474:70: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(Ctrl->L.mode == SPOTTER_FLOWLINE) ? sprintf (type, "Flowline") : sprintf (type, "Hotspot track");
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:475:45: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(Ctrl->D.mode == SPOTTER_TOWARDS_PAST) ? sprintf (dir, "from") : sprintf (dir, "to");
data/gmt-6.1.1+dfsg/src/spotter/backtracker.c:475:69: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(Ctrl->D.mode == SPOTTER_TOWARDS_PAST) ? sprintf (dir, "from") : sprintf (dir, "to");
data/gmt-6.1.1+dfsg/src/spotter/gmtpmodeler.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tag[N_PM_ITEMS] = { "az", "dist", "stage", "vel", "omega", "dlon", "dlat", "lon", "lat" };
data/gmt-6.1.1+dfsg/src/spotter/gmtpmodeler.c:330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *quantity[N_PM_ITEMS] = { "azimuth", "distance displacement", "stage", "velocity", "rotation rate", "longitude displacement", \
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tag[N_PM_ITEMS] = { "az", "dist", "stage", "vel", "omega", "dlon", "dlat", "lon", "lat" };
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:362:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "degree"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:364:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "km"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:366:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "integer"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:368:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "mm/yr"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:370:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "degree/Myr"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:373:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "degrees_north"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:376:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->z_units, "degrees_east"); break;
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:523:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:527:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->x_units, "degrees_east");
data/gmt-6.1.1+dfsg/src/spotter/grdpmodeler.c:528:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G_mod[k]->header->y_units, "degrees_north");
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[4][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfile[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfile[PATH_MAX] = {""}, *file = NULL;
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:582:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, "-Z%g", Ctrl->T.value[t]);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:336:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if ((sval = atoi (opt->arg)) > 0) { /* Got OK id value */
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:361:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->W.n_try = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:666:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, format[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:828:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (format, "_%%d"); /* Make filenames like prefix_#.ext */
data/gmt-6.1.1+dfsg/src/spotter/originater.c:323:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""}, buffer[GMT_BUFSIZ] = {""}, fmt1[GMT_BUFSIZ] = {""}, fmt2[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/spotter/originater.c:416:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN128] = {""}, *code = NULL;
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:281:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *label[2] = {"AH", "FZ"};
data/gmt-6.1.1+dfsg/src/spotter/polespotter.c:480:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Out->text = (char *)label[d];
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *start_text[2] = {"tstart(My)", "astart(deg)"}; /* Misc. column titles for rates or angles */
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *end_text[2] = {"tend(My)", "aend(deg)"};
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *time_text[2] = {"ttime(My)", "tangle(deg)"};
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:352:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.setting.format_float_out, "%g");
data/gmt-6.1.1+dfsg/src/spotter/rotsmoother.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A[GMT_LEN64] = {""}, B[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_a[GMT_LEN256] = {""}, txt_b[GMT_LEN256] = {""}, txt_c[GMT_LEN256] = {""}, *c = NULL;
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, A[GMT_LEN64] = {""}, B[GMT_LEN64] = {""}, txt[GMT_LEN64] = {""}, comment[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Plates[GMT_BUFSIZ] = {""}, Rotations[GMT_BUFSIZ] = {""}, *this_c = NULL;
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GMT_BUFSIZ] = {""}, create, fit, plot;
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:1634:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dump) fp = fopen ("dump_r.txt","w");
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:1714:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dump) fp = fopen ("dump_o.txt","w");
data/gmt-6.1.1+dfsg/src/spotter/spotter.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abbrev[4]; /* Max 3-char abbreviation of hotspot name */
data/gmt-6.1.1+dfsg/src/spotter/spotter.h:77:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GMT_LEN64]; /* Full name of hotspot */
data/gmt-6.1.1+dfsg/src/subplot.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_LEN128]; /* Format for plotting tag (or constant string when done via subplot set) */
data/gmt-6.1.1+dfsg/src/subplot.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN64]; /* Color fill for optional rectangle behind the tag [none] */
data/gmt-6.1.1+dfsg/src/subplot.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64]; /* Outline pen for optional rectangle behind the tag [none] */
data/gmt-6.1.1+dfsg/src/subplot.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char placement[3]; /* Placement of tag [TL] */
data/gmt-6.1.1+dfsg/src/subplot.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char justify[3]; /* Justification of tag [TL] */
data/gmt-6.1.1+dfsg/src/subplot.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill[GMT_LEN64]; /* Fill for the entire figure canvas */
data/gmt-6.1.1+dfsg/src/subplot.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pen[GMT_LEN64]; /* Pen outline for the entire figure canvas */
data/gmt-6.1.1+dfsg/src/subplot.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Lpen[GMT_LEN64]; /* Pen to draw midlines */
data/gmt-6.1.1+dfsg/src/subplot.c:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char axes[4]; /* W|e|w|e|l|r for -SR, S|s|N|n|b|t for -SC [Default is MAP_FRAME_AXES] */
data/gmt-6.1.1+dfsg/src/subplot.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *label[2]; /* The constant primary [and alternate] y labels */
data/gmt-6.1.1+dfsg/src/subplot.c:159:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (C->A.placement, "TL");
data/gmt-6.1.1+dfsg/src/subplot.c:160:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (C->A.justify, "TL");
data/gmt-6.1.1+dfsg/src/subplot.c:307:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((Ctrl->In.row = atoi (opt->arg)) < 0) {
data/gmt-6.1.1+dfsg/src/subplot.c:336:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->A.nstart = atoi (&opt->arg[k]); /* Starting number */
data/gmt-6.1.1+dfsg/src/subplot.c:338:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (Ctrl->A.format, "%d");
data/gmt-6.1.1+dfsg/src/subplot.c:343:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (Ctrl->A.format, "%c");
data/gmt-6.1.1+dfsg/src/subplot.c:353:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (Ctrl->A.format, "%c)");
data/gmt-6.1.1+dfsg/src/subplot.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, panel[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, command[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vfile[GMT_VF_LEN] = {""}, xymode = 'r';
data/gmt-6.1.1+dfsg/src/subplot.c:912:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char report[GMT_LEN256] = {""}, txt[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:915:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (report, "%g", Ctrl->F.w[0]);
data/gmt-6.1.1+dfsg/src/subplot.c:918:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, ", %g", Ctrl->F.w[col]);
data/gmt-6.1.1+dfsg/src/subplot.c:922:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, ", ...");
data/gmt-6.1.1+dfsg/src/subplot.c:929:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (report, "%g", Ctrl->F.h[0]);
data/gmt-6.1.1+dfsg/src/subplot.c:932:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, ", %g", Ctrl->F.h[row]);
data/gmt-6.1.1+dfsg/src/subplot.c:936:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (txt, ", ...");
data/gmt-6.1.1+dfsg/src/subplot.c:1100:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/subplot.c:1127:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char roman[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1164:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "w")) == NULL) { /* Not good */
data/gmt-6.1.1+dfsg/src/subplot.c:1228:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "-R0/%g/0/%g -Jx1i -T -X%c%gi -Y%c%gi --GMT_HISTORY=false", width, height, xymode, GMT->current.setting.map_origin[GMT_X]-Ctrl->F.clearance[GMT_X], xymode, GMT->current.setting.map_origin[GMT_Y]-Ctrl->F.clearance[GMT_Y]);
data/gmt-6.1.1+dfsg/src/subplot.c:1237:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "-R0/%g/0/%g -Jx1i -T -X%c%gi -Y%c%gi --GMT_HISTORY=false", width, height, 'r', Ctrl->F.clearance[GMT_X], 'r', Ctrl->F.clearance[GMT_Y]);
data/gmt-6.1.1+dfsg/src/subplot.c:1254:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (command, "0/%g/0/%g", Ctrl->F.dim[GMT_X] + GMT->current.setting.map_origin[GMT_X], Ctrl->F.dim[GMT_Y] + GMT->current.setting.map_origin[GMT_Y]); /* Save page region */
data/gmt-6.1.1+dfsg/src/subplot.c:1285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legend_justification[4] = {""}, pen[GMT_LEN32] = {""}, fill[GMT_LEN32] = {""}, off[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1289:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *wmode[2] = {"w","a"}, vfile[GMT_VF_LEN] = {""}, Rtxt[GMT_LEN64] = {""}, off[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legend_justification[4] = {""}, Jstr[3] = {"J"}, pen[GMT_LEN32] = {""}, fill[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/subplot.c:1386:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (Rtxt, "0/%.16g/0/%.16g", P->dim[GMT_X], P->dim[GMT_Y]); /* Range for the subplot frame */
data/gmt-6.1.1+dfsg/src/surface.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/surface.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_type[2]; /* D = include data points when iterating, I = just interpolate from larger grid */
data/gmt-6.1.1+dfsg/src/surface.c:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ]; /* Format statement used in some messages */
data/gmt-6.1.1+dfsg/src/surface.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit_file[2]; /* Pointers to grids with low and high limits, if selected */
data/gmt-6.1.1+dfsg/src/surface.c:813:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface.c:840:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"Lower", "Upper"};
data/gmt-6.1.1+dfsg/src/surface.c:883:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"lower", "upper"};
data/gmt-6.1.1+dfsg/src/surface.c:888:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (C->Grid->header->title, "Data gridded with continuous surface splines in tension");
data/gmt-6.1.1+dfsg/src/surface.c:1006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mode_name[2] = {"node", "data"};
data/gmt-6.1.1+dfsg/src/surface.c:1302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN128] = {""}, buffer[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/surface.c:1431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname1[GMT_LEN256] = {""}, fname2[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface.c:1437:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp1 = fopen (fname1, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/surface.c:1441:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen (fname2, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/surface.c:1786:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/surface.c:1870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"lower", "upper"};
data/gmt-6.1.1+dfsg/src/surface.c:1939:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/surface.c:1939:79: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/surface.c:2083:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}, mask[GMT_VF_LEN] = {""}, cmd[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file[2];
data/gmt-6.1.1+dfsg/src/surface_experimental.c:137:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char debug_prefix[32] = {"surface"}; /* Prefix for intermediate grids */
data/gmt-6.1.1+dfsg/src/surface_experimental.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_type[2]; /* D = include data points when iterating, I = just interpolate from larger grid */
data/gmt-6.1.1+dfsg/src/surface_experimental.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ]; /* Format statement used in some messages */
data/gmt-6.1.1+dfsg/src/surface_experimental.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit_file[2]; /* Pointers to grids with low and high limits, if selected */
data/gmt-6.1.1+dfsg/src/surface_experimental.c:956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"Lower", "Upper"};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"lower", "upper"};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1031:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (C->Grid->header->title, "Data gridded with continuous surface splines in tension");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mode_name[2] = {"node", "data"};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *point_type[2] = {"original", "breakline"};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kind[2] = {'D', 'B'};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1539:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen ("surface.data", "w");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1593:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN128] = {""}, buffer[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname1[GMT_LEN256] = {""}, fname2[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1731:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp1 = fopen (fname1, "w");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1732:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2 = fopen (fname2, "w");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2110:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *limit[2] = {"lower", "upper"};
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2258:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2258:79: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}, mask[GMT_VF_LEN] = {""}, cmd[GMT_LEN256] = {""};
data/gmt-6.1.1+dfsg/src/surface_old.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_type[2]; /* D means include data points when iterating
data/gmt-6.1.1+dfsg/src/surface_old.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/surface_old.c:772:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (C->Grid->header->title, "Data gridded with continuous surface splines in tension");
data/gmt-6.1.1+dfsg/src/surface_old.c:1341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[GMT_LEN128] = {""}, buffer[GMT_LEN128] = {""};
data/gmt-6.1.1+dfsg/src/surface_old.c:1666:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.value = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/surface_old.c:1819:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/surface_old.c:1819:79: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(GMT->common.R.active[GSET]) ? strcat (C.format, "pixel registration]\n") : strcat (C.format, "gridline registration]\n");
data/gmt-6.1.1+dfsg/src/test_JL.c:10:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/test_JL.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/test_JL.c:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/test_example1.c:7:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/test_example1.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/test_example1.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/test_walter.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grid[GMT_VF_LEN] = {""}, input[GMT_VF_LEN] = {""}, output[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/test_walter.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[256] = {""};
data/gmt-6.1.1+dfsg/src/testapi_imageshading.c:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_imageshading.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_matrix.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_matrix.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/testapi_matrix.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_matrix_360.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN], args[256] = {""};
data/gmt-6.1.1+dfsg/src/testapi_matrix_360_ref.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN], args[256] = {""};
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_p[GMT_VF_LEN] = {""}, input_g[GMT_VF_LEN] = {""};
data/gmt-6.1.1+dfsg/src/testapi_matrix_as_grid.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args_p[128] = {""}, args_g[128]= {""};
data/gmt-6.1.1+dfsg/src/testapi_matrix_plot.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_matrix_plot.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_mixmatrix.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[NROWS] = {"First label", "Second label", "Third label"};
data/gmt-6.1.1+dfsg/src/testapi_userdataset.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_userdataset.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/testapi_userdataset.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_userdataset.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *passfail[2] = {"PASS", "FAIL"};
data/gmt-6.1.1+dfsg/src/testapi_usergrid.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_usergrid.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/testapi_usergrid.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_usergrid.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *passfail[2] = {"PASS", "FAIL"}, *kind[2] = {"prealloc", "GMTalloc"}, *def[2] = {"dim", "R/I"};
data/gmt-6.1.1+dfsg/src/testapi_uservectors.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_uservectors.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/testapi_uservectors.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_uservectors.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *passfail[2] = {"PASS", "FAIL"}, *kind[2] = {"prealloc", "GMTalloc"}, *def[2] = {"dim", "R/I"};
data/gmt-6.1.1+dfsg/src/testapi_vector.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_vector.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[GMT_VF_LEN] = {""}; /* String to hold virtual output filename */
data/gmt-6.1.1+dfsg/src/testapi_vector.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_vector_plot.c:5:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_vector_plot.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_vector_strings.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_vector_strings.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_vector_strings.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[NROWS] = {"ML 18p,1,blue First label", "MR 32p,2,red Second label"};
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[GMT_VF_LEN] = {""}; /* String to hold virtual input filename */
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[128] = {""}; /* String to hold module command arguments */
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[NROWS];
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:30:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strings[0], "ML 18p,1,blue First label");
data/gmt-6.1.1+dfsg/src/testapi_vector_strings2.c:31:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strings[1], "MR 32p,2,red Second label");
data/gmt-6.1.1+dfsg/src/testgmtshell.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFSIZ] = {""}; /* Input line buffer */
data/gmt-6.1.1+dfsg/src/testgmtshell.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[128] = {""}, module[32] = {""}, args[1024] = {""};
data/gmt-6.1.1+dfsg/src/testgmtshell.c:40:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strstr (argv[k], "-f")) fp = fopen (argv[k+1], "r");
data/gmt-6.1.1+dfsg/src/testgrdio.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *format[6] = {"in_real.grd%s", "in_imag.grd%s", "out_real.grd%s", "out_imag.grd%s", "out_real_after_demux.grd%s", "out_imag_after_demux.grd%s"};
data/gmt-6.1.1+dfsg/src/testgrdio.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[6], *code, *def_code = "", buffer[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/testpsl.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[BUFSIZ] = {""}; /* Command string */
data/gmt-6.1.1+dfsg/src/testpsl.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[GMT_VF_LEN] = {""}; /* Encoded ID */
data/gmt-6.1.1+dfsg/src/trend1d.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[TREND1D_N_OUTPUT_CHOICES]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/trend1d.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/trend1d.c:835:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *kind[2] = {"user-domain", "normalized"};
data/gmt-6.1.1+dfsg/src/trend1d.c:855:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "Model Coefficients (Polynomial");
data/gmt-6.1.1+dfsg/src/trend1d.c:858:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (format, " and Fourier");
data/gmt-6.1.1+dfsg/src/trend1d.c:859:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (format, "): ");
data/gmt-6.1.1+dfsg/src/trend2d.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[TREND2D_N_OUTPUT_CHOICES]; /* Character codes for desired output in the right order */
data/gmt-6.1.1+dfsg/src/trend2d.c:496:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.value = (opt->arg[j]) ? atoi (&opt->arg[j]) : 0;
data/gmt-6.1.1+dfsg/src/trend2d.c:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/triangulate.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tri_algorithm[2] = {"Watson", "Shewchuk"};
data/gmt-6.1.1+dfsg/src/triangulate.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/triangulate.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/triangulate.c:568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *feature[2] = {"edges", "polygons"};
data/gmt-6.1.1+dfsg/src/triangulate.c:854:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "Edge %d-%d", edge[i].begin, edge[i].end);
data/gmt-6.1.1+dfsg/src/triangulate.c:880:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (record, "Polygon %d-%d-%d -Z%.8g", link[ij], link[ij+1], link[ij+2], z_mean);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:119:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *x2sys_datadir[MAX_DATA_PATHS]; /* Directories where track data may live */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:124:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mgg_path[10]; /* Max 10 directories for now */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:163:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (line, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:265:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (file, mode);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:268:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fname, mode)) == NULL) { /* Not in current directory, try $X2SYS_HOME */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:270:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (file, mode);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, cardcol[80] = {""}, yes_no;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:376:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strncmp (line, "#SKIP", 5U)) X->skip = atoi (&line[6]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:418:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->r_mode, "rb");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:419:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->w_mode, "wb");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:420:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (G->a_mode, "ab+");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, buffer[GMT_LEN64] = {""}, p[GMT_BUFSIZ] = {""}, c;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:672:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, G->r_mode)) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:744:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[82] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:755:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (path, G->r_mode)) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN32] = {""}, *tvals[MGD77_N_STRING_FIELDS];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN32] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, file[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""}, p[GMT_BUFSIZ] = {""}, sfile[PATH_MAX] = {""}, suffix[16] = {""}, unit[2][2];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_file[PATH_MAX] = {""}, track_path[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""}, name[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1361:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ftrack = fopen (track_path, "r")) == NULL) return (GMT_GRDIO_FILE_NOT_FOUND);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_file[PATH_MAX] = {""}, index_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1423:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fbin = fopen (index_path, "rb")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1552:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, txt[GMT_BUFSIZ] = {""}, kind[GMT_BUFSIZ] = {""}, fmt[GMT_BUFSIZ] = {""}, trk[2][GMT_LEN64], t_txt[2][GMT_LEN64], start[2][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1685:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_txt[GMT_LEN64] = {""}, y_txt[GMT_LEN64] = {""}, d_txt[2][GMT_LEN64], h_txt[2][GMT_LEN64], v_txt[2][GMT_LEN64], z_txt[2][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stop[2][GMT_LEN64], info[2][3*GMT_LEN64], **trk_list = NULL, **ignore = NULL, *t = NULL;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1695:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dbase && (fp = fopen (dbase, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1725:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1760:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
for (i = 1; i < our_item; i++) strcat (fmt, " %*s"); /* The items to skip */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1761:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fmt, " %s %s"); /* The item we want */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:2034:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = {""}, **item_names = NULL, **col_name = NULL, **aux_name = NULL;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_name[16]; /* Name of track */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[2][2]; /* Units for distance (c = Cartesian, e = meter, k = km, m = miles, n = nautical miles)
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[16]; /* Suffix for these data files */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fflags[GMT_BUFSIZ]; /* Text copy of selected columns */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX]; /* Full path to current data file */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char separators[8]; /* List of characters used for column separators */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; /* Name of this data type */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[32]; /* Output print format for ASCII conversion */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; /* Name of cruise or agency */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.h:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trk[2][GMT_LEN64]; /* Track names */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_binlist.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proj[80] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:247:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->W.width = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}; /* buffer */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[GMT_BUFSIZ] = {""}; /* buffer */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[80] = {""}, name2[80] = {""}; /* Name of two files to be examined */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:481:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (Ctrl->A.file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:521:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fpC = fopen (Ctrl->C.file, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:955:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[GMT_BUFSIZ] = {""}, l_start[2][GMT_LEN64], stop[2][GMT_LEN64];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:964:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (l_start[k], "NaN");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:965:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (stop[k], "NaN");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""}, *line = file; /* Just reusing the file space */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:309:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(m/s)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:313:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(ft/s)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:317:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(km/hr)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:333:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(mi/hr)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:337:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(kts)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:341:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_SP].header, "v(sft/s)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:346:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(user)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:349:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(m)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:352:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(feet)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:355:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(km)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:370:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(miles)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:373:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(nm)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:376:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (auxlist[MGD77_AUX_DS].header, "d(sfeet)");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_datalist.c:543:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "NaN");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:283:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (Ctrl->L.file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string[2];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string[2];
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_file[PATH_MAX] = {""}, track_file[PATH_MAX] = {""}, bin_file[PATH_MAX] = {""}, def_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_file[PATH_MAX] = {""}, path[PATH_MAX] = {""}, line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:321:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_def = fopen (def_file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:237:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.min = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:537:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "angle");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:540:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, Ctrl->C.col); strcat (record, "_x");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:544:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "dist_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "dist_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:544:90: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "dist_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "dist_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:547:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "dist");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:551:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "head_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "head_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:551:90: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "head_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "head_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:554:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "head");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:557:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "u_tint");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:560:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "s_tint");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:564:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "ID_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "ID_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:564:88: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "ID_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "ID_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:567:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "ID");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:571:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "t_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "t_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:571:87: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "t_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "t_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:578:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "T_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "T_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:578:87: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "T_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "T_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:585:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "vel_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "vel_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:585:89: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "vel_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "vel_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:588:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "vel");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:591:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "weight");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:594:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(s->geographic) ? strcat (record, "lon") : strcat (record, "x");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:597:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(s->geographic) ? strcat (record, "lat") : strcat (record, "y");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:601:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, Ctrl->C.col); strcat (record, "_1"); strcat (record, GMT->current.setting.io_col_separator);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:602:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, Ctrl->C.col); strcat (record, "_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:612:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "track_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "track_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:612:89: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "track_1"); strcat (record, GMT->current.setting.io_col_separator); strcat (record, "track_2");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:615:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (record, "track");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ] = {""}, **pairs_base = NULL, **pairs_merge = NULL;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:161:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_base = fopen (Ctrl->A.file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:166:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_merge = fopen (Ctrl->M.file, "r")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track[GMT_LEN64] = {""}, line[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_file[PATH_MAX] = {""}, index_file[PATH_MAX] = {""}, old_track_file[PATH_MAX] = {""}, old_index_file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_path[PATH_MAX] = {""}, index_path[PATH_MAX] = {""}, old_track_path[PATH_MAX] = {""}, old_index_path[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:400:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ftrack = fopen (track_path, "w")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:405:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fbin = fopen (index_path, "wb")) == NULL) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:185:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ctrl->N.min = atoi (opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:426:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trk[2][GMT_LEN64], line[GMT_BUFSIZ] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_TAG[GMT_LEN64] = {""}, file_column[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:828:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (frmt_name, "%%-%ds", max_len+2);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:839:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "\t%g", var[0]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:842:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "\t%g\t%g*((time-T))", var[0], var[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:845:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "\t% 10.4f\t% g*((dist))", var[0], var[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:848:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "\t%g\t%g*sin((lat))^2", var[0], var[1]);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:851:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (text, "\t%g\t%g*cos((azim))\t%g*cos(2*(azim))\t%g*sin((azim))\t%g*sin(2*(azim))", var[0], var[1], var[2], var[3], var[4]);
data/gmt-6.1.1+dfsg/src/xyz2grd.c:224:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[GMT_LEN64] = {""};
data/gmt-6.1.1+dfsg/src/xyz2grd.c:264:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.r_mode, "rb");
data/gmt-6.1.1+dfsg/src/xyz2grd.c:265:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (GMT->current.io.w_mode, "wb");
data/gmt-6.1.1+dfsg/src/xyz2grd.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ];
data/gmt-6.1.1+dfsg/src/xyz2grd.c:799:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[GMT_BUFSIZ], e_value[GMT_LEN32];
data/gmt-6.1.1+dfsg/src/xyz2grd.c:801:129: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(GMT->common.d.active[GMT_IN]) ? sprintf (e_value, GMT->current.setting.format_float_out, GMT->common.d.nan_proxy[GMT_IN]) : sprintf (e_value, "NaN");
data/gmt-6.1.1+dfsg/src/batch.c:295:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Ctrl->T.sep, W, GMT_LEN8-1);
data/gmt-6.1.1+dfsg/src/batch.c:330:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_errors += gmt_M_check_condition (GMT, !Ctrl->N.active || (Ctrl->N.prefix == NULL || strlen (Ctrl->N.prefix) == 0),
data/gmt-6.1.1+dfsg/src/batch.c:537:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/batch.c:577:43: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/batch.c:673:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/batch.c:712:43: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/batch.c:801:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/begin.c:115:22: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (space) len++, strncat (buffer, " ", GMT_LEN256-len);
data/gmt-6.1.1+dfsg/src/begin.c:116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/begin.c:117:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, opt->arg, GMT_LEN256-len);
data/gmt-6.1.1+dfsg/src/blockmean.c:499:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/blockmean.c:593:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/blockmedian.c:579:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/blockmedian.c:685:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/blockmode.c:706:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/blockmode.c:892:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/dimfilter.c:313:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen (text);
data/gmt-6.1.1+dfsg/src/dimfilter.c:393:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr (opt->arg, "+l") || opt->arg[strlen(opt->arg)-1] == '-') Ctrl->F.mode = DIMFILTER_MODE_KIND_LOW;
data/gmt-6.1.1+dfsg/src/dimfilter.c:433:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr (opt->arg, "+l") || opt->arg[strlen(opt->arg)-1] == '-') Ctrl->N.mode = DIMFILTER_MODE_KIND_LOW;
data/gmt-6.1.1+dfsg/src/docs.c:156:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen = PATH_MAX - strlen (view);
data/gmt-6.1.1+dfsg/src/docs.c:162:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat (view, " ", vlen--);
data/gmt-6.1.1+dfsg/src/docs.c:163:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (view, opt->arg, vlen);
data/gmt-6.1.1+dfsg/src/docs.c:164:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen -= strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/figure.c:102:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_category = (strlen (p) == 1 || strchr (p, '+') || (isupper (p[0]) && strcmp (p, "PNG"))) ? GMT_IS_OPT : GMT_IS_FMT;
data/gmt-6.1.1+dfsg/src/filter1d.c:291:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = opt->arg[strlen(opt->arg-1)]; /* Last character */
data/gmt-6.1.1+dfsg/src/fitcircle.c:170:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_length = strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/geodesy/earthtide.c:1502:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, Ctrl->G.file[kk], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:741:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, &opt->arg[1], GMT_LEN256);
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:750:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (opt->arg[0] == 'w' && strlen(opt->arg) > 3) {
data/gmt-6.1.1+dfsg/src/geodesy/psvelo.c:751:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(txt, &opt->arg[1], GMT_LEN256);
data/gmt-6.1.1+dfsg/src/gmt.c:294:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GMT_SUPPL_LIBRARY))
data/gmt-6.1.1+dfsg/src/gmt2kml.c:431:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:468:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 's': strncpy (p, &opt->arg[1],GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:469:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (unsigned int)strlen (p); if (k > 0) k--; /* was k = (unsigned int)strlen(p) - 1, but Coverity screamed */
data/gmt-6.1.1+dfsg/src/gmt2kml.c:470:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strchr (GMT_LEN_UNITS, p[k])) strcat (p, "e"); /* Force meters as default unit */
data/gmt-6.1.1+dfsg/src/gmt2kml.c:596:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (strlen (R->text) < GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmt2kml.c:929:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.setting.io_col_separator, ","); /* Specify comma-separated output */
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1115:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (do_description) strcat (description, " ");
data/gmt-6.1.1+dfsg/src/gmt2kml.c:1234:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L = strlen (item);
data/gmt-6.1.1+dfsg/src/gmt_agc_io.c:109:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = strlen (floatvalue); j < PARAMSIZE; j++) strcat (floatvalue, " ");
data/gmt-6.1.1+dfsg/src/gmt_agc_io.c:109:53: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (j = strlen (floatvalue); j < PARAMSIZE; j++) strcat (floatvalue, " ");
data/gmt-6.1.1+dfsg/src/gmt_api.c:842:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen (opt->arg)) == 0 || len >= GMT_LEN128) continue; /* No arg or very long args that are filenames can be skipped */
data/gmt-6.1.1+dfsg/src/gmt_api.c:991:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool running_in_bindir_src = !strncmp (GMT->init.runtime_bindir, GMT_BINARY_DIR_SRC_DEBUG, strlen(GMT_BINARY_DIR_SRC_DEBUG));
data/gmt-6.1.1+dfsg/src/gmt_api.c:1052:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; list[k] && strncmp (list[k], GMT_SUPPL_LIB_NAME, strlen(GMT_SUPPL_LIB_NAME)); k++); /* Look for official supplements */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1080:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (unsigned int)strlen (GMT->session.CUSTOM_LIBS) - 1; /* Index of last char in CUSTOM_LIBS */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1483:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (tmp); /* Get the length of this item */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1490:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (tmp); k++)
data/gmt-6.1.1+dfsg/src/gmt_api.c:1500:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (next) < 3) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:1573:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s[k]) > 3) { /* Not enough to just find option, must examine the modifiers */
data/gmt-6.1.1+dfsg/src/gmt_api.c:1638:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (revised, ",");
data/gmt-6.1.1+dfsg/src/gmt_api.c:1666:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s_length = strlen(text);
data/gmt-6.1.1+dfsg/src/gmt_api.c:2321:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, string, length-1); /* Use old text if we are not resetting */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2322:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lim = length - strlen (buffer) - 1; /* Remaining characters that we can use */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2324:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, API->GMT->init.module_name, lim);
data/gmt-6.1.1+dfsg/src/gmt_api.c:2325:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lim = length - strlen (buffer) - 1; /* Remaining characters that we can use */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2326:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat (buffer, " ", lim);
data/gmt-6.1.1+dfsg/src/gmt_api.c:2328:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lim = length - strlen (buffer) - 1; /* Remaining characters that we can use */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2329:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, txt, lim); /* Append new text */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2331:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, buffer, length); /* Only copy over max length bytes */
data/gmt-6.1.1+dfsg/src/gmt_api.c:2499:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.filename[direction], &(S_obj->filename[first]), PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:4070:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) != '\n' && k < GMT_LEN128) text[k++] = c; /* Get first record up to newline */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4080:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp); /* Need to peak ahead to know what record we are dealing with. PPM can have comments */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4082:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) != '\n' ) k++; /* Ends when c is newline */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4083:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp); /* Peak ahead again */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4088:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) != '\n' && k < GMT_LEN128) text[k++] = c; /* Get next record up to newline */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4092:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) != '\n' ) k++;
data/gmt-6.1.1+dfsg/src/gmt_api.c:4176:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (h->mem_layout, "TRB ", 4); /* Fill out red, green, and blue bands */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4186:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (h->mem_layout, "TRP ", 4); /* Fill out red, green, and blue pixels */
data/gmt-6.1.1+dfsg/src/gmt_api.c:4517:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (comment);
data/gmt-6.1.1+dfsg/src/gmt_api.c:4520:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (dim);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5261:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (M_file, source, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5542:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (M_file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5698:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (V_file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:5844:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (V_file, source, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:6440:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s_length = strlen(*str);
data/gmt-6.1.1+dfsg/src/gmt_api.c:6483:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (last_color, color, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:6774:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(API->GMT->init.module_name) < 500) /* 500, just to shut up a Coverity issue */
data/gmt-6.1.1+dfsg/src/gmt_api.c:6776:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, " ");
data/gmt-6.1.1+dfsg/src/gmt_api.c:6780:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lim = GMT_BUFSIZ - strlen (buffer) - 1; /* Max characters left */
data/gmt-6.1.1+dfsg/src/gmt_api.c:6781:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (buffer, txt, lim);
data/gmt-6.1.1+dfsg/src/gmt_api.c:6862:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen (API->tmp_dir)) > 2 && API->tmp_dir[len-1] == '/') API->tmp_dir[len-1] = '\0'; /* Chop off trailing slash */
data/gmt-6.1.1+dfsg/src/gmt_api.c:7183:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (resource)) /* Strip off any beginning of the name */
data/gmt-6.1.1+dfsg/src/gmt_api.c:7999:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (file), elen;
data/gmt-6.1.1+dfsg/src/gmt_api.c:8001:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elen = strlen (ext);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8014:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (CPT_file, file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8030:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, &input[first], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8503:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_trailing_text, M->text[S->rec-1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8558:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_trailing_text, V->text[S->rec-1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8584:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_trailing_text, D->table[count[GMT_TBL]]->segment[count[GMT_SEG]]->text[count[GMT_ROW]], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8595:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, D->table[count[GMT_TBL]]->segment[count[GMT_SEG]]->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8602:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_text, D->table[count[GMT_TBL]]->header[count[GMTAPI_HDR_POS]-1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:8748:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (record) strncpy (GMT->current.io.segment_header, (char*) (record), GMT_BUFSIZ-1); /* Default to last segment record if NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:8779:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (count[GMT_SEG] == -1 && strlen(s)) { /* Only allow headers for first segment in a table */
data/gmt-6.1.1+dfsg/src/gmt_api.c:8799:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && strlen(s)) { /* Found a segment header */
data/gmt-6.1.1+dfsg/src/gmt_api.c:8847:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)) { /* Only allow headers for first segment in a table */
data/gmt-6.1.1+dfsg/src/gmt_api.c:8921:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)) { /* Only allow headers for first segment in a table */
data/gmt-6.1.1+dfsg/src/gmt_api.c:9027:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (record) strncpy (GMT->current.io.curr_text, (char*) (record), GMT_BUFSIZ-1); /* Default to last segment record if NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:9035:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (record) strncpy (GMT->current.io.segment_header, (char*) (record), GMT_BUFSIZ-1); /* Default to last segment record if NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:9083:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (record) strncpy (GMT->current.io.curr_text, (char*) (record), GMT_BUFSIZ-1); /* Default to last segment record if NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:9127:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (record) strncpy (GMT->current.io.curr_text, (char*) (record), GMT_BUFSIZ-1); /* Default to last segment record if NULL */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10223:53: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ((k+1) % 10 == 0 || k == (N_SINGLETON_LIST-1)) strcat (message, "\n");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10270:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (info->suffix, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_api.c:10311:31: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (info->suffix[0] == '\0') strncpy (info->suffix, "tapered", GMT_LEN64-1); /* Default suffix */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10713:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen (name)) == 0) { /* Grids that are being created have no filename yet */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10721:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (&name[i]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:10722:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, &name[i], PATH_MAX-1); /* Make a full copy of filename without leading directories */
data/gmt-6.1.1+dfsg/src/gmt_api.c:10726:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (file);
data/gmt-6.1.1+dfsg/src/gmt_api.c:10727:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j) len += strlen (&name[j]);
data/gmt-6.1.1+dfsg/src/gmt_api.c:10728:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (1 + strlen(suffix));
data/gmt-6.1.1+dfsg/src/gmt_api.c:10730:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (file, "_");
data/gmt-6.1.1+dfsg/src/gmt_api.c:10850:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen (HH->name); len > 0 && !(HH->name[len-1] == '/' || HH->name[len-1] == '\\'); len--); /* Find start of file name minus any leading directories */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11009:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (gmt_module, module, GMT_LEN64-5); /* Concatenate GMT_-prefix and module name to get function name */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11018:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (gmt_module, module, GMT_LEN64-4); /* Prepend "gmt" to module and try again */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11099:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (gmt_module, module, GMT_LEN32-4); /* Concatenate gmt and module name to get function name */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11103:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (module, gmt_module, strlen(gmt_module)); /* Rewrite module name to contain prefix of gmt */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11103:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (module, gmt_module, strlen(gmt_module)); /* Rewrite module name to contain prefix of gmt */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11131:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (gmt_module, module, GMT_LEN32-4); /* Concatenate gmt and module name to get function name */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11135:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (module, gmt_module, strlen(gmt_module)); /* Rewrite module name to contain prefix of gmt */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11135:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (module, gmt_module, strlen(gmt_module)); /* Rewrite module name to contain prefix of gmt */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11194:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->arg = realloc (opt->arg, strlen (opt->arg)+2); /* Make space for ? */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11195:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (opt->arg, "?");
data/gmt-6.1.1+dfsg/src/gmt_api.c:11416:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 1, len = 0; len < strlen (opt->arg); len++) if (opt->arg[len] == ',') k++;
data/gmt-6.1.1+dfsg/src/gmt_api.c:11434:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 1, len = 0; len < strlen (opt->arg); len++) if (opt->arg[len] == ',') k++;
data/gmt-6.1.1+dfsg/src/gmt_api.c:11596:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen (argument)) == (size_t)n_pre_arg) /* Got some option like -G or -Lu with no further args */
data/gmt-6.1.1+dfsg/src/gmt_api.c:11613:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, opt->arg, mod_pos);
data/gmt-6.1.1+dfsg/src/gmt_api.c:11614:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (txt, "?");
data/gmt-6.1.1+dfsg/src/gmt_api.c:11903:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (value) != 4U) {
data/gmt-6.1.1+dfsg/src/gmt_api.c:12030:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_info_len = strlen (API->message);
data/gmt-6.1.1+dfsg/src/gmt_api.c:12035:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (strlen (API->message) < GMT_MSGSIZ);
data/gmt-6.1.1+dfsg/src/gmt_api.c:12075:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_info_len = strlen (API->message); /* Update length of message from 0 */
data/gmt-6.1.1+dfsg/src/gmt_api.c:12084:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_info_len = strlen (API->message);
data/gmt-6.1.1+dfsg/src/gmt_api.c:12089:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (strlen (API->message) < GMT_MSGSIZ);
data/gmt-6.1.1+dfsg/src/gmt_api.c:12212:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen (p)) == 0) continue;
data/gmt-6.1.1+dfsg/src/gmt_api.c:12247:67: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define F_STRNCPY(dst,src,ldst,lsrc) { int l = MIN(ldst-1, lsrc); strncpy (dst, src, l); dst[l] = '\0'; }
data/gmt-6.1.1+dfsg/src/gmt_api.c:12918:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (H && strlen (H)) { /* Gave a header string to (re)place in the segment */
data/gmt-6.1.1+dfsg/src/gmt_api.c:13226:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (I->header->mem_layout, code, strlen(code));
data/gmt-6.1.1+dfsg/src/gmt_api.c:13226:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (I->header->mem_layout, code, strlen(code));
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:895:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, GMT->current.language.week_name[kind], GMT_LEN16);
data/gmt-6.1.1+dfsg/src/gmt_calclock.c:897:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, GMT->current.language.month_name[kind][ival[D->item_pos[1]]-1], GMT_LEN16);
data/gmt-6.1.1+dfsg/src/gmt_cdf.c:127:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->command, text, GMT_GRID_COMMAND_LEN320-1);
data/gmt-6.1.1+dfsg/src/gmt_cdf.c:128:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->remark, &text[GMT_GRID_COMMAND_LEN320], GMT_GRID_REMARK_LEN160-1);
data/gmt-6.1.1+dfsg/src/gmt_cdf.c:149:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, header->command, GMT_GRID_COMMAND_LEN320-1);
data/gmt-6.1.1+dfsg/src/gmt_cdf.c:150:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&text[GMT_GRID_COMMAND_LEN320], header->remark, GMT_GRID_REMARK_LEN160-1);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:116:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, path, PATH_MAX);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:122:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, path, PATH_MAX);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:203:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (candidate_abs, dir, PATH_MAX);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:204:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (candidate_abs, "/");
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:270:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, path, PATH_MAX);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:301:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_runtime_libdir = strlen (runtime_libdir);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:302:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_libdir_rel = strlen (GMT_LIBDIR_RELATIVE);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:312:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
sharedir = strncpy (sharedir, runtime_libdir, len_base_dir);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:340:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_runtime_bindir = strlen (runtime_bindir);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:341:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_bindir_rel = strlen (GMT_BINDIR_RELATIVE);
data/gmt-6.1.1+dfsg/src/gmt_common_runpath.c:351:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
sharedir = strncpy (sharedir, runtime_bindir, len_base_dir);
data/gmt-6.1.1+dfsg/src/gmt_common_sighandler.c:193:16: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (( c = getchar()) != '\n' && c != EOF );
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:67:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = strlen (file) - 1; /* We know here that the string is at least 1 character long, so len is >= 0 */
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(string)) <= n ) {
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:189:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_len = strlen (string);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:225:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = calloc(strlen(in)+1, sizeof (char));
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:244:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:260:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (len) strncpy (token, &string[start], len);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:272:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || (n = strlen (dir)) < 2U)
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:558:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) (*pos) += strlen (c) + 1;
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:688:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) >= PATH_MAX) {
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:706:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endp = path + strlen(path) - 1;
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:785:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1_len = strlen(s1);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:788:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2_len = strlen(s2);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:816:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s3_len = strlen(s3);
data/gmt-6.1.1+dfsg/src/gmt_common_string.c:842:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(newstr) == newstr_len);
data/gmt-6.1.1+dfsg/src/gmt_customio.c:576:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (HHt->name, HH->name, GMT_LEN256);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:304:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (n_items) strcat (list, ",");
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:315:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (n_items) strcat (list, ",");
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:430:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (state, &code[3], GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_dcw.c:462:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (msg) - 1;
data/gmt-6.1.1+dfsg/src/gmt_error.h:120:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (src_line);
data/gmt-6.1.1+dfsg/src/gmt_error.h:121:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat (str, "(", GMT_LEN256 - 2 - len);
data/gmt-6.1.1+dfsg/src/gmt_error.h:122:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (str, func, GMT_LEN256 - 3 - len);
data/gmt-6.1.1+dfsg/src/gmt_error.h:123:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (str, ")");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:44:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:48:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:54:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:58:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:63:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, item); strcat (record, "\n");
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:195:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (header->title);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:231:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (header->title);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:311:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp); /* Get first char of next line... */
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:381:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (HH->name);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:382:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name_len < strlen(file) + 4) {
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:402:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->title, file, GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:405:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->title, file, GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:423:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (file);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:432:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->title, file, GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_esri_io.c:444:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->title, file, GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_fft.c:373:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (wisdom_file, GMT->session.CACHEDIR, PATH_MAX);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:37:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (path, gdal_filename, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:38:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(gdal_filename) > 2) && (c = strchr(&gdal_filename[2], ':'))) { /* Assume it is a SUBDATASET */
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:45:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (path, gdal_filename, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:575:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pszProjection != NULL && strlen(pszProjection) > 0) {
data/gmt-6.1.1+dfsg/src/gmt_gdalread.c:790:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prhs->O.mem_layout, GMT->current.gdal_read_in.O.mem_layout, 4);
data/gmt-6.1.1+dfsg/src/gmt_gdalwrite.c:195:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(to_GDALW->layout, I->header->mem_layout, 4);
data/gmt-6.1.1+dfsg/src/gmt_gdalwrite.c:587:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "history", strlen(prhs->command), prhs->command));
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:227:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_length = strlen (file);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:229:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (GMT->session.shorthand[i].suffix);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:323:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (type_code, format, 2);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:399:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (type_code, format, 2);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:812:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string[0], header->x_units, GMT_GRID_UNIT_LEN80);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:813:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string[1], header->y_units, GMT_GRID_UNIT_LEN80);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:814:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string[2], header->z_units, GMT_GRID_UNIT_LEN80);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1071:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmp, &HH->name[i+3], pch - &HH->name[i+3] + 1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1072:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp, "\""); strncat(tmp, HH->name, i-1); strcat(tmp, "\"");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1072:25: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcat (tmp, "\""); strncat(tmp, HH->name, i-1); strcat(tmp, "\"");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1072:54: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp, "\""); strncat(tmp, HH->name, i-1); strcat(tmp, "\"");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1073:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(&pch[1]) < (GMT_LEN512-strlen(tmp)-1)) strncat (tmp, &pch[1], GMT_LEN512-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1073:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(&pch[1]) < (GMT_LEN512-strlen(tmp)-1)) strncat (tmp, &pch[1], GMT_LEN512-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1074:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (HH->name, tmp, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1077:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (HH->name, &HH->name[i+3], strlen(&HH->name[i+3])+1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1107:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (HH->name, tmp, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1157:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (HH->name, tmp, GMT_LEN256-1); /* Strip off variable name */
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1753:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (input[0] != input[strlen(input)-1]) {}
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1765:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (ptr);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1774:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (copy) strncpy (h->x_units, ptr, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1782:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (copy) strncpy (h->y_units, ptr, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1790:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (copy) strncpy (h->z_units, ptr, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1808:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (copy) strncpy (h->title, ptr, GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1816:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (copy) strncpy (h->remark, ptr, GMT_GRID_REMARK_LEN160-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1831:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (input); k++) if (input[k] == '/') n_slash++;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1846:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word) > GMT_GRID_UNIT_LEN80)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1850:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (word[1]) strncpy (h->x_units, &word[1], GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1854:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word) > GMT_GRID_UNIT_LEN80)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1858:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (word[1]) strncpy (h->y_units, &word[1], GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1862:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word) > GMT_GRID_UNIT_LEN80)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1866:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (word[1]) strncpy (h->z_units, &word[1], GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1880:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word) > GMT_GRID_TITLE_LEN80)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1884:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (word[1]) strncpy (h->title, &word[1], GMT_GRID_TITLE_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1888:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(word) > GMT_GRID_REMARK_LEN160)
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1892:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (word[1]) strncpy (h->remark, &word[1], GMT_GRID_REMARK_LEN160-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1913:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (h->x_units, "x");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1914:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (h->y_units, "y");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1985:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (header->x_units, "x");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1986:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (header->y_units, "y");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:1988:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (header->z_units, "z");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2005:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->command, GMT->init.module_name, GMT_GRID_COMMAND_LEN320-1);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2006:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (header->command);
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2020:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen (txt) + 1;
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:2022:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (header->command, " ");
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3105:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = (int)strlen(file) - 1; i > 0; i--) {
data/gmt-6.1.1+dfsg/src/gmt_grdio.c:3295:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (file) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:509:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 1; k < strlen (text); k++)
data/gmt-6.1.1+dfsg/src/gmt_init.c:515:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = j = 0; k < strlen (text); k++) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:533:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len, len_given_keyword = strlen(arg); /* Get the length of given argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:540:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN (len_given_keyword, strlen (kw[set][*k].long_option)); /* Only compare up to the given # of characters, but less than actual length of long_option */
data/gmt-6.1.1+dfsg/src/gmt_init.c:554:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len, lent = strlen(text);
data/gmt-6.1.1+dfsg/src/gmt_init.c:559:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN (lent, strlen(item)); /* Only compare up to the given # of characters, but less than length of item */
data/gmt-6.1.1+dfsg/src/gmt_init.c:769:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.g.string, item, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:775:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.g.string, item, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:924:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Jstring, GMT->common.J.string, GMT_LEN128-1); /* Make a duplicate in case we must mess around with it */
data/gmt-6.1.1+dfsg/src/gmt_init.c:933:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (d);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1076:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.a.string, arg, GMT_LEN256-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1204:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.b.varnames, &text[k+1], GMT_BUFSIZ-1); /* Copy the list of netCDF variable names */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1317:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.b.string, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1320:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.b.string, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:1343:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.f.string, arg, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1352:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.f.string, arg, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1355:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, &arg[k], GMT_BUFSIZ-1); /* arg should NOT have a leading i|o part */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1395:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (p); /* Length of the string p */
data/gmt-6.1.1+dfsg/src/gmt_init.c:1464:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (txt), k = 0;
data/gmt-6.1.1+dfsg/src/gmt_init.c:1531:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t end = strlen (arg) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:1734:51: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
((n_model - k) > 1) ? strcat (report, " + ") : strcat (report, "\n");
data/gmt-6.1.1+dfsg/src/gmt_init.c:1756:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (txt), k = 0;
data/gmt-6.1.1+dfsg/src/gmt_init.c:2006:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int k = 1, len = (int)strlen (item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2011:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.map_logo_label, item, GMT_LEN256-1); /* Got a label */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2015:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (item[0]) strncpy (GMT->current.ps.map_logo_label, item, GMT_LEN256-1); /* Got a label */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2055:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.map_logo_label, item, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2064:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.map_logo_label, item, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2201:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.n.string, item, GMT_LEN64-1); /* Make copy of -n argument verbatim */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2230:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < MIN (4,strlen (GMT->common.n.BC)); j++) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:2348:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.s.string, item, GMT_LEN64-1); /* Make copy of -s argument verbatim */
data/gmt-6.1.1+dfsg/src/gmt_init.c:2363:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2461:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen (in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2515:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_out_orig, value, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2536:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_out, GMT->current.io.o_format[col], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2546:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (k) strncpy (GMT->current.setting.format_float_out, GMT->current.io.o_format[k-1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2550:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_out, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:2825:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (tag, "");
data/gmt-6.1.1+dfsg/src/gmt_init.c:2832:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen ("BEGIN GMT " GMT_PACKAGE_VERSION);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3022:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen (dir); /* Get length of dir */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3046:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool running_in_bindir_src = !strncmp (GMT->init.runtime_bindir, GMT_BINARY_DIR_SRC_DEBUG, strlen(GMT_BINARY_DIR_SRC_DEBUG));
data/gmt-6.1.1+dfsg/src/gmt_init.c:3259:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = (int)strlen (in)) < 2)
data/gmt-6.1.1+dfsg/src/gmt_init.c:3285:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (out, in, k); /* Copy everything up to the pattern */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3286:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = k + strlen (pattern); /* Now go to beginning of item */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3366:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3367:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (x_info, in, s_pos[0]); x_info[s_pos[0]] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:3368:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (y_info, &in[s_pos[0]+1], s_pos[1] - s_pos[0] - 1); y_info[s_pos[1] - s_pos[0] - 1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:3369:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (z_info, &in[s_pos[1]+1], i - s_pos[1] - 1); z_info[i - s_pos[1] - 1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:3372:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (in);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3373:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (x_info, in, s_pos[0]); x_info[s_pos[0]] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:3374:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (y_info, &in[s_pos[0]+1], i - s_pos[0] - 1); y_info[i - s_pos[0] - 1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:3697:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.B.string[i], in, GMT_LEN256-1); /* Keep a copy of the actual option(s) */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3718:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = (int)strlen(in) - 1, ignore = false; !GMT->current.map.frame.paint && !error && i >= 0; i--) { /** Look for +g<fill */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3740:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (out1, &in[i+2], GMT_BUFSIZ-1); /* Make a copy of the fill argument */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3782:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (workspace, &GMT->current.map.frame.axis[i].prefix[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3785:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&workspace[1], GMT->current.map.frame.axis[i].prefix, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3792:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (workspace, &GMT->current.map.frame.axis[i].unit[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3795:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&workspace[1], GMT->current.map.frame.axis[i].unit, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:3807:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = (int)strlen (out3) - 1; k >= 0; k--) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:3851:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = (mods) ? strlen (mods) : 0; /* Since mods may be NULL */
data/gmt-6.1.1+dfsg/src/gmt_init.c:3986:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, in, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4046:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.map.frame.header, &p[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4150:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.B.string[no], in, GMT_LEN256-1); /* Keep a copy of the actual option(s) */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4164:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, &in[k], GMT_BUFSIZ-1); /* Make a copy of the input, starting after the leading -B[p|s][xyz] indicators */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4169:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (orig_string, text, k); /* orig_string now has the interval information */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4235:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.map.frame.axis[no].label, &p[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4246:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.map.frame.axis[no].prefix, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4260:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.map.frame.axis[no].secondary_label, &p[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4271:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.map.frame.axis[no].unit, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4295:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = (int)strlen (string) - 1; k >= 0; k--) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:4459:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t k = strlen (scale_or_width);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4527:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.J.zstring, args, GMT_LEN128-1); /* Verbatim copy of -Jz|Z */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4529:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.J.string, args, GMT_LEN128-1); /* Verbatim copy or map -J */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4550:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_pos = (int)strlen (args) - 1; /* Position of last character in this string */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4575:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen (args), k = -1; j > 0 && k < 0 && args[j] != '/'; j--)
data/gmt-6.1.1+dfsg/src/gmt_init.c:4611:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (args);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4623:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (args_cp, args, GMT_BUFSIZ-1); /* Since gmt_M_to_inch modifies the string */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4659:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (args_cp, &args[slash+1], GMT_BUFSIZ-1); /* Since gmt_M_to_inch modifies the string */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4717:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (args);
data/gmt-6.1.1+dfsg/src/gmt_init.c:4728:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (args_cp, args, GMT_BUFSIZ-1); /* Since gmt_M_to_inch modifies the string */
data/gmt-6.1.1+dfsg/src/gmt_init.c:4824:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen (args) - 1; /* Last character check for deprecated r or z */
data/gmt-6.1.1+dfsg/src/gmt_init.c:5107:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = (int)strlen(&(txt_arr[2][0]));
data/gmt-6.1.1+dfsg/src/gmt_init.c:5116:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = (int)strlen(&(txt_arr[3][0]));
data/gmt-6.1.1+dfsg/src/gmt_init.c:5125:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = (int)strlen(&(txt_arr[4][0]));
data/gmt-6.1.1+dfsg/src/gmt_init.c:5135:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = (int)strlen(&(txt_arr[5][0]));
data/gmt-6.1.1+dfsg/src/gmt_init.c:5226:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod = (char)toupper ((int)txt_a[strlen(txt_a)-1]); /* Check if UTM zone has a valid latitude modifier */
data/gmt-6.1.1+dfsg/src/gmt_init.c:5307:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p, text, k); p[k] = 0;
data/gmt-6.1.1+dfsg/src/gmt_init.c:5405:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 't': strncpy (S->string, &p[1], GMT_LEN256-1); break; /* Get the symbol text */
data/gmt-6.1.1+dfsg/src/gmt_init.c:5433:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.proj.unit_name[GMT_IS_METER], "m");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5529:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][0], "J"); strcpy (GMT->current.language.month_name[3][0], "JAN");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5531:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][1], "F"); strcpy (GMT->current.language.month_name[3][1], "FEB");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5533:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][2], "M"); strcpy (GMT->current.language.month_name[3][2], "MAR");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5535:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][3], "A"); strcpy (GMT->current.language.month_name[3][3], "APR");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5537:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][4], "M"); strcpy (GMT->current.language.month_name[3][4], "MAY");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5539:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][5], "J"); strcpy (GMT->current.language.month_name[3][5], "JUN");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5541:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][6], "J"); strcpy (GMT->current.language.month_name[3][6], "JUL");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5543:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][7], "A"); strcpy (GMT->current.language.month_name[3][7], "AUG");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5545:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][8], "S"); strcpy (GMT->current.language.month_name[3][8], "SEP");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5547:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][9], "O"); strcpy (GMT->current.language.month_name[3][9], "OCT");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5549:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][10],"N"); strcpy (GMT->current.language.month_name[3][10],"NOV");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5551:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.month_name[2][11],"D"); strcpy (GMT->current.language.month_name[3][11],"DEC");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5555:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.week_name[2], "W");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5559:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][0], "S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5561:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][1], "M");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5563:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][2], "T");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5565:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][3], "W");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5567:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][4], "T");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5569:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][5], "F");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5571:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.day_name[2][6], "S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5574:62: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[0][0], "West"); strcpy (GMT->current.language.cardinal_name[1][0], "W");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5575:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[2][0], "W");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5576:62: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[0][1], "East"); strcpy (GMT->current.language.cardinal_name[1][1], "E");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5577:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[2][1], "E");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5578:63: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[0][2], "South"); strcpy (GMT->current.language.cardinal_name[1][2], "S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5579:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[2][2], "S");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5580:63: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[0][3], "North"); strcpy (GMT->current.language.cardinal_name[1][3], "N");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5581:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.language.cardinal_name[2][3], "N");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5672:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.month_name[0][i-1], full, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5673:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.month_name[1][i-1], abbrev, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5674:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.month_name[2][i-1], c, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5676:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.month_name[3][i-1], abbrev, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5685:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.day_name[0][i-1], full, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5686:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.day_name[1][i-1], abbrev, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5687:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.day_name[2][i-1], c, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5691:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.week_name[0], full, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5692:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.week_name[1], abbrev, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5693:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.week_name[2], c, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5702:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.cardinal_name[0][i-1], full, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5703:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.cardinal_name[1][i-1], abbrev, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5704:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.language.cardinal_name[2][i-1], c, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:5737:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.setting.format_geo_out, "D");
data/gmt-6.1.1+dfsg/src/gmt_init.c:5940:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.setting.io_col_separator, "\t");
data/gmt-6.1.1+dfsg/src/gmt_init.c:6145:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fullname) >= GMT_LEN32) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:6149:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->session.font[i].name, fullname, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:6341:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) > 4 && !strncmp (&path[strlen(path)-4], "/bin", 4U))
data/gmt-6.1.1+dfsg/src/gmt_init.c:6341:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) > 4 && !strncmp (&path[strlen(path)-4], "/bin", 4U))
data/gmt-6.1.1+dfsg/src/gmt_init.c:6342:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (&path[strlen(path)-3], "lib", 3U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:6342:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (&path[strlen(path)-3], "lib", 3U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:6402:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (i = 0; i < 4; i++) strncpy (GMT->session.unit_name[i], unit_name[i], 7U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:6473:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_length = strlen(options);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8038:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (item, arg, GMT_BUFSIZ-1); /* Copy locally */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8062:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (item) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8067:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.R.string, item, GMT_LEN256-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8180:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, &item[1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, item, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8215:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, &item[1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8226:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, item, GMT_BUFSIZ-1); /* Try to read these as 4 limits in meters */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8236:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, item, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8241:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (string) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8249:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string[strlen(string)-1] = '\0'; /* Remove the trailing r so gmt_scanf will work */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8274:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (no_T) strcat (text, "T"); /* Add the missing trailing 'T' in an ISO date */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8388:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p)-1] == ':') *stop = INTMAX_MAX; /* Did not specify stop, set to max */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8475:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (first == GMT_IN) strncpy (GMT->common.d.string, arg, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8484:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.e.string, arg, GMT_LEN64-1); /* Make copy of -e argument verbatim */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8502:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8518:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.i.string, arg, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8548:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen (p) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:8631:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.j.string, arg, GMT_LEN8-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8652:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 'G': strncpy (GMT->common.l.item.gap, &txt[1], GMT_LEN32-1); break; /* Gap before next item */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8655:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (&txt[1]) strncpy (GMT->common.l.item.pen[GMT_LEGEND_PEN_D], &txt[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8657:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 'H': strncpy (GMT->common.l.item.header, &txt[1], GMT_LEN128-1); break; /* Legend header */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8663:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.l.item.subheader, &txt[3], GMT_LEN128-1); /* Legend label */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8667:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.l.item.subheader, &txt[1], GMT_LEN128-1); /* Legend label default left justified */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8675:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (&txt[1]) strncpy (GMT->common.l.item.pen[GMT_LEGEND_PEN_V], &txt[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8677:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 'f': strncpy (GMT->common.l.item.font, &txt[1], GMT_LEN32-1); break; /* Font to use for this -l entry */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8679:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (&txt[1]) strncpy (GMT->common.l.item.fill, &txt[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8683:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (&txt[1]) strncpy (GMT->common.l.item.off, &txt[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8686:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (&txt[1]) strncpy (GMT->common.l.item.pen[GMT_LEGEND_PEN_P], &txt[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8695:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (arg[0]) strncpy (GMT->common.l.item.label, arg, GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8715:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:8716:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.o.string, arg, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:8856:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.q.string[direction], arg, GMT_LEN64-1); /* Verbatim copy of the option args */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9019:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->common.g.string, txt, GMT_LEN64-1); /* Verbatim copy */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9146:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (txt[strlen(txt)-1]) { /* Process unit information */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9181:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (txt[strlen(txt)-1]) { /* Process unit information */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9238:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (line) < 7 || (ver = strtol (&line[6], NULL, 10)) < 5 )
data/gmt-6.1.1+dfsg/src/gmt_init.c:9341:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!first) strcat (string, ",");
data/gmt-6.1.1+dfsg/src/gmt_init.c:9363:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (lower_value, value, GMT_BUFSIZ-1); /* Get a lower case version */
data/gmt-6.1.1+dfsg/src/gmt_init.c:9365:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (value);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9375:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_clock_in, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9382:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_date_in, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9389:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_clock_out, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9396:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_date_out, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9403:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_geo_out, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9410:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_clock_map, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9417:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_date_map, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9424:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_geo_map, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9435:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_time[GMT_PRIMARY], value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9441:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_time[GMT_SECONDARY], value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9450:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_map, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9456:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_time_stamp, value, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9659:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (GMT->current.setting.map_annot_ortho, "", 5U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9663:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (GMT->current.setting.map_annot_ortho, "we", 5U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9673:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.map_annot_ortho, lower_value, 5U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9695:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.map_frame_axes, value, 5U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:9731:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t last = strlen (lower_value) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:10026:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.ps_encoding.name, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10219:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.ps_transpmode, value, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10222:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.ps_convert, value, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10240:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (GMT->current.setting.io_col_separator, "\t", 8U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10242:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (GMT->current.setting.io_col_separator, " ", 8U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10244:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (GMT->current.setting.io_col_separator, ",", 8U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10249:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (lower_value) > 1 && lower_value[1] == ':')
data/gmt-6.1.1+dfsg/src/gmt_init.c:10250:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy (GMT->current.setting.io_col_separator, "/", 8U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10253:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.io_col_separator, value, 8U);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10270:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.io_gridfile_format, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10293:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt[GMT_IN], value, GMT_LEN32-1); strncpy (txt[GMT_OUT], value, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10293:49: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt[GMT_IN], value, GMT_LEN32-1); strncpy (txt[GMT_OUT], value, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10391:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt[GMT_IN], value, GMT_LEN256-1); strncpy (txt[GMT_OUT], value, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10391:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt[GMT_IN], value, GMT_LEN256-1); strncpy (txt[GMT_OUT], value, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10707:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.language, lower_value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10794:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.time_system.epoch, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10927:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_clock_in, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10935:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_date_in, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10943:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_clock_out, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10951:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_date_out, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10959:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_geo_out, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10967:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_clock_map, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10975:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_date_map, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10983:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_geo_map, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10991:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_time[GMT_PRIMARY], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:10999:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_time[GMT_SECONDARY], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11007:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_float_out_orig, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11010:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_float_map, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11018:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.format_time_stamp, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11029:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_annot[GMT_PRIMARY]), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11037:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_annot[GMT_SECONDARY]), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11040:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_heading), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11048:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_title), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11051:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_tag), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11059:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_label), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11063:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_putfont (GMT, &GMT->current.setting.font_logo), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11151:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.map_annot_ortho, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11173:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.map_frame_axes, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11438:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.ps_encoding.name, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11550:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (value, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11552:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (value, "+");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11577:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.ps_transpmode, GMT_LEN16-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11580:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.ps_convert, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11609:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.io_col_separator, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11625:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.io_gridfile_format, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11640:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GMT->current.setting.io_head_marker_in) > 1 || GMT->current.setting.io_head_marker_in[0] != GMT->current.setting.io_head_marker_out) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:11708:207: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ((GMT->current.setting.io_seg_marker[GMT_IN] == 'N' && !GMT->current.setting.io_nanline[GMT_IN]) || (GMT->current.setting.io_seg_marker[GMT_IN] == 'B' && !GMT->current.setting.io_blankline[GMT_IN])) strcat (value, "\\");
data/gmt-6.1.1+dfsg/src/gmt_init.c:11824:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->current.setting.auto_download == GMT_NO_DOWNLOAD) ? "off" : "on", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11828:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.DATASERVER) ? GMT->session.DATASERVER : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11854:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.CUSTOM_LIBS) ? GMT->session.CUSTOM_LIBS : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11925:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, gmt_session_format[GMT->current.setting.graphics_format], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11962:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.language, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11994:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.CACHEDIR) ? GMT->session.CACHEDIR : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:11998:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.DATADIR) ? GMT->session.DATADIR : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12002:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.DCWDIR) ? GMT->session.DCWDIR : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12007:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, (GMT->session.GSHHGDIR) ? GMT->session.GSHHGDIR : "", GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12013:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, GMT->current.setting.time_system.epoch, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12086:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, " "); /* Separate by spaces */
data/gmt-6.1.1+dfsg/src/gmt_init.c:12167:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12187:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12205:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12219:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12233:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "-");
data/gmt-6.1.1+dfsg/src/gmt_init.c:12252:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = (int)strlen(string))) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:12341:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ename, name, GMT_LEN64-1); /* Make a copy of name */
data/gmt-6.1.1+dfsg/src/gmt_init.c:12455:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (time_system->epoch, epoch, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:12854:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strcmp (tmp, "@")) strncpy (P->tag, tmp, GMT_LEN128-1); /* Replace auto-tag with manually added tag */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13077:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (item = 0; item < strlen (list); item++) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13085:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr ("xXpP", opt->arg[0]) == NULL || (toupper (opt->arg[0]) == 'X' && opt->arg[strlen(opt->arg)-1] == 'd')) { /* Geographic projection of some sort */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13252:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (r_code[0]) strcat (r_code, ","); /* Accumulate all codes across multiple -E options */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13254:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (e_code, E->arg, GMT_LEN256-1); /* Duplicate country codes only */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13262:24: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
r_opt[0] = '+'; strncat (r_opt, p, GMT_LEN128-2);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13269:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
default: strcat (e_code, "+"); strcat (e_code, p); break; /* Append as is */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13320:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13346:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg) < 1) continue; /* ps is the shortest format extension */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13459:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (oldarg, opt_J->arg, GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:13496:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (arg, "l");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13498:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (arg, "d");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13500:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (arg), k = 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13507:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (arg, "/"); /* Add the slash divider */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13510:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (arg, "l");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13512:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (arg, "d");
data/gmt-6.1.1+dfsg/src/gmt_init.c:13514:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (arg), k = 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:13599:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (file); k++) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:13721:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (norm == 0 && S->arg[strlen(S->arg)-1] == 'n') { /* Old-style -S<radius>n syntax */
data/gmt-6.1.1+dfsg/src/gmt_init.c:13723:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
S->arg[strlen(S->arg)-1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_init.c:14087:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *file = malloc (strlen(opt->arg)+1+strlen (API->remote_info[k_data].ext));
data/gmt-6.1.1+dfsg/src/gmt_init.c:14087:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *file = malloc (strlen(opt->arg)+1+strlen (API->remote_info[k_data].ext));
data/gmt-6.1.1+dfsg/src/gmt_init.c:14387:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p, text, k); p[k] = 0;
data/gmt-6.1.1+dfsg/src/gmt_init.c:14505:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (p);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14638:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (text[2]) strncpy (diameter, &text[2], GMT_LEN32-1); /* Gave circle diameter on command line */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14661:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text_cp, text, GMT_LEN256-1); /* Copy for processing later */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14683:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen (text)-1; j > 0 && text[j] != '/'; --j); /* Determine last slash */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14693:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr("CcIiPp", txt_a[strlen(txt_a) - 1])) { /* If last char equals a unit char... */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14695:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (t, txt_a, strlen(txt_a) - 1); /* Make a copy of what we found minus the unit char */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14695:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (t, txt_a, strlen(txt_a) - 1); /* Make a copy of what we found minus the unit char */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14699:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{strcat(text_cp, "/"); strcat(text_cp, txt_a);col_off++;}
data/gmt-6.1.1+dfsg/src/gmt_init.c:14705:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text_cp, "/"); strcat(text_cp, txt_a);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14717:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (n == 1) strncpy (arg, &text[1], GMT_LEN64-1); /* No modifiers present, set arg to text following symbol code */
data/gmt-6.1.1+dfsg/src/gmt_init.c:14737:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (arg, &text[2], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14794:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text_cp, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14806:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((len = (int)strlen (txt_a)) > 0) && txt_a[len-1] == 'u') {
data/gmt-6.1.1+dfsg/src/gmt_init.c:14810:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((len = (int)strlen (txt_b)) > 0) && txt_b[len-1] == 'u') {
data/gmt-6.1.1+dfsg/src/gmt_init.c:14829:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = (int)strlen (txt_a)) && txt_a[len-1] == 'u') {
data/gmt-6.1.1+dfsg/src/gmt_init.c:14859:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (txt_a);
data/gmt-6.1.1+dfsg/src/gmt_init.c:14870:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (txt_a, "k");
data/gmt-6.1.1+dfsg/src/gmt_init.c:14960:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p->user_unit[GMT_Y]) text_cp[strlen(text_cp)-1] = '\0'; /* Chop off u */
data/gmt-6.1.1+dfsg/src/gmt_init.c:15021:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text_cp, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15023:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (text_cp) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15033:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (text_cp) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15304:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(text) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15485:20: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (unit_name) strcpy (unit_name, "m");
data/gmt-6.1.1+dfsg/src/gmt_init.c:15548:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case GMT_IS_METER: strcpy (unit_name, "m"); break;
data/gmt-6.1.1+dfsg/src/gmt_init.c:15629:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (item);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15662:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(item_t2);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15703:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prjcode, &item[6], k - 6);
data/gmt-6.1.1+dfsg/src/gmt_init.c:15880:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pch);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16551:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pos = strlen (url);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16638:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_info_len = strlen (message);
data/gmt-6.1.1+dfsg/src/gmt_init.c:16842:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (API->GMT->current.setting.ps_convert, &c[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17012:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t start = 0, end = strlen (fig[k].prefix) - 1;
data/gmt-6.1.1+dfsg/src/gmt_init.c:17101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t k = 0; k < strlen (L); k++) {
data/gmt-6.1.1+dfsg/src/gmt_init.c:17164:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (formats, gmt_session_format[API->GMT->current.setting.graphics_format], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_init.c:17458:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((L = strlen (label)) > N_max) N_max = L;
data/gmt-6.1.1+dfsg/src/gmt_init.c:17601:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strncmp (file, GMT_TOPO_PREFIX, strlen(GMT_TOPO_PREFIX)) && strstr (file, ".grd")) /* Useful data set distributed by GMT */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17633:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (e) == 3) /* Must be a GMT grid with format only: junk.grd=bf */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17775:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = strlen (GMT->common.i.string) - 1; k && !(GMT->common.i.string[k] == ':' || GMT->common.i.string[k] == '-'); k--); /* Find the last : or - in open-ended sequence */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17776:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (token, GMT->common.i.string, k+1); /* Get duplicate, this ends with - or : */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17793:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = strlen (GMT->common.o.string) - 1; k && !(GMT->common.o.string[k] == ':' || GMT->common.o.string[k] == '-'); k--); /* Find the last : or - in open-ended sequence */
data/gmt-6.1.1+dfsg/src/gmt_init.c:17794:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (token, GMT->common.o.string, k+1); /* Get duplicate, this ends with - or : */
data/gmt-6.1.1+dfsg/src/gmt_io.c:355:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (file);
data/gmt-6.1.1+dfsg/src/gmt_io.c:356:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (savedpath, path, PATH_MAX-1); /* Make copy of current directory path */
data/gmt-6.1.1+dfsg/src/gmt_io.c:359:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d_namlen = (int)strlen (F->d_name);
data/gmt-6.1.1+dfsg/src/gmt_io.c:534:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, record, GMT_BUFSIZ-1); /* working copy */
data/gmt-6.1.1+dfsg/src/gmt_io.c:899:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (tvalue);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1806:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s_length = strlen(text);
data/gmt-6.1.1+dfsg/src/gmt_io.c:1965:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen (text);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2072:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i1 = strlen (text) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:2362:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (s);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2393:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (scopy, s, k); /* Copy all but the suffix */
data/gmt-6.1.1+dfsg/src/gmt_io.c:2398:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (p) == 1 || (strpbrk (&p[1], "dD:") ) ){
data/gmt-6.1.1+dfsg/src/gmt_io.c:2407:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (p2) == 1) return (GMT_IS_NAN); /* Shouldn't end with a colon */
data/gmt-6.1.1+dfsg/src/gmt_io.c:2505:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (p);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2508:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (s);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2511:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (scopy, s, j);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2513:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&scopy[j+1], &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:2594:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (s) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:2629:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pw) <= strlen (pt)) return (GMT_IS_NAN); /* The W is after the T. Wrong format. */
data/gmt-6.1.1+dfsg/src/gmt_io.c:2629:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pw) <= strlen (pt)) return (GMT_IS_NAN); /* The W is after the T. Wrong format. */
data/gmt-6.1.1+dfsg/src/gmt_io.c:2767:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (space) strcat (buffer, " ");
data/gmt-6.1.1+dfsg/src/gmt_io.c:2788:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (S->header) {strcat (buffer, " "); strncat (buffer, S->header, GMT_BUFSIZ-1);} /* Append rest of previous header */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3199:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_text, text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3238:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (txt); k++) { /* Count slashes and dashes */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3333:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (col>1) strcat (message, ",");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3371:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pos) strcat (message, ",");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3377:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pos) strcat (message, ",");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3388:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pos) strcat (message, ",");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3394:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pos) strcat (message, ",");
data/gmt-6.1.1+dfsg/src/gmt_io.c:3413:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_trailing_text, word, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3419:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.curr_trailing_text, &GMT->current.io.curr_text[start_of_text], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3513:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc (fp)) == '#') { /* Possibly, this record starts with a comment character # */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3520:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc (fp)) == '#') { /* Possibly, this record starts with a comment character # */
data/gmt-6.1.1+dfsg/src/gmt_io.c:3533:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, gmtio_trim_segheader (GMT, line), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3752:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:3838:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4299:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen (txt), k = 0;
data/gmt-6.1.1+dfsg/src/gmt_io.c:4334:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (stream)) != '\n' && c != EOF)
data/gmt-6.1.1+dfsg/src/gmt_io.c:4564:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, att, attlen); /* Copy att to text */
data/gmt-6.1.1+dfsg/src/gmt_io.c:4600:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4778:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (skip);
data/gmt-6.1.1+dfsg/src/gmt_io.c:4803:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (skip);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5041:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L = strlen (dir);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5046:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (path, dir, N); path[N] = 0;
data/gmt-6.1.1+dfsg/src/gmt_io.c:5161:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, source, num-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5171:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, filename, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5279:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, gmtio_trim_segheader (GMT, line), GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:5500:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.io.r_mode, "r");
data/gmt-6.1.1+dfsg/src/gmt_io.c:5501:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.io.w_mode, "w");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6387:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mode && strlen (form) == 1 && form[0] == '-') { /* Do not want clock output or plotted */
data/gmt-6.1.1+dfsg/src/gmt_io.c:6443:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mode && strlen (form) == 1 && form[0] == '-') { /* Do not want date output or plotted */
data/gmt-6.1.1+dfsg/src/gmt_io.c:6475:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (S->format, "W");
data/gmt-6.1.1+dfsg/src/gmt_io.c:6700:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (unsigned int)MAX (1, strlen (GMT->current.plot.format[i][j])) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:6727:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callen = strlen (s) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:6761:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callen = strlen (s) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:6778:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callen = strlen (s);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6784:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (calstring, s, callen);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6786:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (calstring, s, callen-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6789:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (clockstring, &s[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6798:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (calstring, s, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6804:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clocklen = strlen (clockstring);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6805:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
callen = strlen (calstring);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6810:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (calstring, s, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:6858:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = last = (int)strlen(text) - 1;
data/gmt-6.1.1+dfsg/src/gmt_io.c:6889:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (s);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7196:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, &line[j0], j-j0);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7589:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (open_mode, "r");
data/gmt-6.1.1+dfsg/src/gmt_io.c:7608:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, source, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7739:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GMT->current.io.segment_header)) {
data/gmt-6.1.1+dfsg/src/gmt_io.c:7927:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (tbl = len = 0; tbl < Din->n_tables; tbl++) if (Din->table[tbl]->header) len += (strlen (Din->table[tbl]->header[hdr]) + 2);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7929:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (T->header[hdr], Din->table[0]->header[hdr], len);
data/gmt-6.1.1+dfsg/src/gmt_io.c:7933:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (T->header[hdr], "\t");
data/gmt-6.1.1+dfsg/src/gmt_io.c:8551:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (text)) return (true); /* Blank string */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8581:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sscanf (text, "%lf %n", &dummy, &len) == 1 && len == (int)strlen(text))
data/gmt-6.1.1+dfsg/src/gmt_io.c:8694:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (G->tvalue[id]);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8697:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (out, &G->tvalue[id][1], len-2);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8727:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d_namlen = strlen (F->d_name);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8791:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ext) e_len = strlen (ext);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8795:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d_namlen = strlen (F->d_name);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8817:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
left = PATH_MAX - (int)strlen (path) - 2;
data/gmt-6.1.1+dfsg/src/gmt_io.c:8818:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
left -= ((ext) ? (int)strlen (ext) : 2);
data/gmt-6.1.1+dfsg/src/gmt_io.c:8820:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (text, ext, left); /* Look for files with given ending in this dir */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8822:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (text, ".*", left); /* Look for all files in this dir */
data/gmt-6.1.1+dfsg/src/gmt_io.c:8959:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen (path);
data/gmt-6.1.1+dfsg/src/gmt_map.c:2193:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (GMT->current.setting.map_annot_ortho, ""); /* All annotations will be parallel to axes */
data/gmt-6.1.1+dfsg/src/gmt_memory.c:545:10: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
tmp = memalign (16U, nelem * size);
data/gmt-6.1.1+dfsg/src/gmt_memory.c:660:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = gmt_M_memory(GMT, NULL, strlen(s) + 1, unsigned char);
data/gmt-6.1.1+dfsg/src/gmt_modern.c:33:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen (module);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:274:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name_units, name, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:287:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, name_units, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:298:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0]) nc_put_att_text (ncid, varid, "long_name", strlen(name), name);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:299:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (units[0]) nc_put_att_text (ncid, varid, "units", strlen(units), units);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:551:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (HH->varname, "z");
data/gmt-6.1.1+dfsg/src/gmt_nc.c:893:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "Conventions", strlen(GMT_NC_CONVENTION), GMT_NC_CONVENTION));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:894:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (header->title[0]) gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "title", strlen(header->title), header->title));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:895:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "history", strlen(header->command), header->command));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:896:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (header->remark[0]) gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "description", strlen(header->remark), header->remark));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:897:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gmt_M_err_trap (nc_put_att_text (ncid, NC_GLOBAL, "GMT_version", strlen(GMT_VERSION), (const char *) GMT_VERSION));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:914:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (header->ProjRefPROJ4 && (!strncmp(header->ProjRefPROJ4, "+unavailable", 4) || strlen(header->ProjRefPROJ4) <= 5)) { /* Silently jump out of here */
data/gmt-6.1.1+dfsg/src/gmt_nc.c:939:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gmt_M_err_trap(nc_put_att_text(ncid, id[0], "spatial_ref", strlen(header->ProjRefWKT), header->ProjRefWKT));
data/gmt-6.1.1+dfsg/src/gmt_nc.c:962:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (header->z_units, HH->varname, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_nc.c:1434:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (varname, HH->varname, GMT_GRID_VARNAME_LEN80-1);
data/gmt-6.1.1+dfsg/src/gmt_notposix.c:60:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (s) + 1;
data/gmt-6.1.1+dfsg/src/gmt_notposix.c:62:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p, s, n);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = strlen (in);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:445:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (t, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:630:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = malloc (strlen(this_arg)+2);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:761:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (buffer, "-");
data/gmt-6.1.1+dfsg/src/gmt_parse.c:775:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt[arg] = gmt_M_memory (G, NULL, strlen (buffer)+1, char); /* Get memory for this item */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:831:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (buffer, "-");
data/gmt-6.1.1+dfsg/src/gmt_parse.c:858:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inc = strlen (buffer);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:864:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!first) strcat (txt, " "); /* Add space between args */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:948:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_length = strlen (arg);
data/gmt-6.1.1+dfsg/src/gmt_parse.c:949:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s_length + strlen (opt->arg)) > BUFSIZ) return_error (V_API, GMT_DIM_TOO_LARGE); /* Don't have room */
data/gmt-6.1.1+dfsg/src/gmt_parse.c:1030:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned int s_length = (unsigned int)strlen(critical_opt_order);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2139:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_map, tmp, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2204:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2266:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2416:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2448:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.setting.format_float_map, tmp, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2490:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2726:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (outstring, " "); length++;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2732:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (opt->arg) + length) < GMT_LEN1024) strcat (outstring, opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:2733:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3040:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (pen->style, PSL->current.style, GMT_PEN_LEN-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3232:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out += (unsigned int)strlen (tmp);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:3251:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out += (unsigned int)strlen (tmp);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:4968:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:4979:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, label_c[nx1-1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5007:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, label_c[i], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:5883:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_width = bar_tick_len + (ms->label[0] ? strlen (ms->label) : name_width[unit]) * GMT_LET_WIDTH * GMT->current.setting.font_label.size * GMT->session.u2u[GMT_PT][GMT_INCH];
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6010:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dim[GMT_X] = strlen (txt) * GMT_DEC_WIDTH * GMT->current.setting.font_annot[GMT_PRIMARY].size / PSL_POINTS_PER_INCH + off;
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6319:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
action = GMT->current.io.curr_trailing_text[strlen(GMT->current.io.curr_trailing_text)-1];
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6636:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen(str2); k++)
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6656:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(scale_c, &pch[1], GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6731:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (opt_J, "X");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6738:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcmp(prjcode, "tmerc")) strcat (opt_J, "T");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6739:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "cea")) strcat (opt_J, "Y");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6740:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "eqc")) strcat (opt_J, "Q");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6741:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "merc")) strcat (opt_J, "M");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6742:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "mill")) strcat (opt_J, "J");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6743:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat (opt_J, "C");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6746:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lon_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6750:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6756:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lon_0[0]) strcat(lon_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6757:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lat_0[0]) strcat(lat_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6758:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6759:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6762:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (lon_0[0]) strcat(opt_J, lon_0), strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6770:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lon_1, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6772:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_1, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6774:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lon_2, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6776:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_2, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6778:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6780:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lonc, &token[5], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6782:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(alpha, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6785:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lon_1[0]) strcat(lon_1, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6786:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lat_1[0]) strcat(lat_1, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6787:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_1); strcat (opt_J, "/"); strcat(opt_J, lat_1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6787:69: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_1); strcat (opt_J, "/"); strcat(opt_J, lat_1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6788:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_2); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6788:69: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_2); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6791:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lat_0[0]) strcat(lat_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6792:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lonc); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6792:68: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lonc); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6793:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, alpha); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6803:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (opt_J, "U");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6837:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcmp(prjcode, "aea")) strcat (opt_J, "B");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6838:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "eqdc")) strcat (opt_J, "D");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6839:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "lcc")) strcat (opt_J, "L");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6843:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lon_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6847:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6851:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_1, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6855:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_2, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6860:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lon_0[0]) strcat(lon_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6861:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lat_0[0]) strcat(lat_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6867:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6867:69: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6868:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lat_1); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6868:69: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lat_1); strcat (opt_J, "/"); strcat(opt_J, lat_2); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6871:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6871:69: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6878:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcmp(prjcode, "stere")) strcat (opt_J, "S");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6879:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "laea")) strcat (opt_J, "A");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6880:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "aeqd")) strcat (opt_J, "E");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6881:38: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "gnom")) strcat (opt_J, "F");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6882:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat (opt_J, "S");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6885:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lon_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6889:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_0, &token[6], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6893:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lat_ts, &token[7], 31);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6901:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lon_0[0]) strcat(lon_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6902:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!lat_0[0]) strcat(lat_0, "0");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6903:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6903:68: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_J, lon_0); strcat (opt_J, "/"); strcat(opt_J, lat_0); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6911:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!strcmp(prjcode, "moll")) strcat (opt_J, "W");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6912:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "sinu")) strcat (opt_J, "I");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6913:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "vandg")) strcat (opt_J, "V");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6914:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "robin")) strcat (opt_J, "N");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6915:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "wintri")) strcat (opt_J, "R");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6916:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (!strcmp(prjcode, "hammer")) strcat (opt_J, "H");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6921:46: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strncat(opt_J, &token[6], GMT_LEN256-1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:6925:46: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strncat(opt_J, &token[6], GMT_LEN256-1); strcat (opt_J, "/");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7094:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*scale_pos = (int)strlen(opt_J); /* The position at which the scale string will be appended */
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7110:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (k < strlen(szProj4))
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7262:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (szProj4);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7267:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (szProj4);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7271:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (szProj4);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7273:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(szProj4+strlen(szProj4), GMT_LEN512-len, " +datum=WGS84");
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7275:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (szProj4);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7669:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.memname, &(Out->arg[k]), GMT_VF_LEN-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7780:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (proj4name, GMT->current.proj.proj4[id].name, 15U);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7814:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.map_logo_label, gmt_current_name (GMT->init.module_name, not_used), GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7816:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.ps.map_logo_label, GMT->init.module_name, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7817:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (GMT->current.ps.map_logo_label);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7821:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (GMT->current.ps.map_logo_label, txt, GMT_LEN256-len);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:7823:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (GMT->current.ps.map_logo_label, opt->arg, GMT_LEN256-len);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9195:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ps_file, source, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9254:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) != EOF ) {
data/gmt-6.1.1+dfsg/src/gmt_plot.c:9291:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ps_file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_regexp.c:94:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(subject), /* the length of the subject */
data/gmt-6.1.1+dfsg/src/gmt_regexp.c:168:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(subject), /* the length of the subject */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:150:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, line, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:251:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (I[k].file);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:252:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (I[k].tag, I[k].file, len-1); /* Remote trailing slash */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:281:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((L = strlen (file) - 1) && file[L] == '/') file[L] = '\0'; /* Chop off trailing / that indicates directory of tiles */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:321:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (name_1);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:327:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int k = strlen (file) - 2; /* This jumps past any trailing / for tiles */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:350:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t Lfile = (cfile) ? (size_t)(cfile - &file[pos]) : strlen (&file[pos]); /* Length of key file name without extension */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:351:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t Lkey = (ckey) ? (size_t)(ckey - key->file) : strlen (key->file); /* Length of key file name without extension */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:442:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, &file[1], 7U); name[7] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_remote.c:972:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (local_path, file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1108:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (remote_path, file, PATH_MAX-1); /* Pass whatever we were given, no check possible */
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1117:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (remote_path, file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1290:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (API->remote_info[k].file);
data/gmt-6.1.1+dfsg/src/gmt_remote.c:1338:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (infile);
data/gmt-6.1.1+dfsg/src/gmt_support.c:227:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill->pattern, &line[first], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:307:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)MIN(strlen (fill->pattern),PATH_MAX) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:316:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (line);
data/gmt-6.1.1+dfsg/src/gmt_support.c:328:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (word, &line[pos], (size_t)(end - pos));
data/gmt-6.1.1+dfsg/src/gmt_support.c:394:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen (cpt_path);
data/gmt-6.1.1+dfsg/src/gmt_support.c:785:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, line, GMT_LEN64-1); /* Make local copy */
data/gmt-6.1.1+dfsg/src/gmt_support.c:786:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t = strstr (buffer, "@")) && strlen (t) > 1) { /* User requested transparency via @<transparency> */
data/gmt-6.1.1+dfsg/src/gmt_support.c:816:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) < 1) return (true); /* Nothing, which is bad */
data/gmt-6.1.1+dfsg/src/gmt_support.c:817:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = buffer[strlen(buffer)-1];
data/gmt-6.1.1+dfsg/src/gmt_support.c:910:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (word);
data/gmt-6.1.1+dfsg/src/gmt_support.c:944:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!isdigit ((unsigned char) name[strlen(name)-1])) return (-1); /* Starts with digit, ends with something else: cannot be */
data/gmt-6.1.1+dfsg/src/gmt_support.c:966:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Lname, name, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1019:35: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!strncmp (line, "dash", 4U)) strcpy (line, "-"); /* Accept "dash*" to mean - */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1020:34: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!strncmp (line, "dot", 3U)) strcpy (line, "."); /* Accept "dot*" to mean . */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1028:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (line, "-"); /* Accepted GMT4 style "a" to mean - */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1037:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (line, "."); /* Accepted GMT4 style "a" to mean - */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1039:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (line) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:1068:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string[strlen (string) - 1] = 0;
data/gmt-6.1.1+dfsg/src/gmt_support.c:1069:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) >= GMT_PEN_LEN) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:1073:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (P->style, string, GMT_PEN_LEN-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1095:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
P->style[strlen(P->style)-1] = '\0'; /* Chop off trailing space */
data/gmt-6.1.1+dfsg/src/gmt_support.c:1112:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (word);
data/gmt-6.1.1+dfsg/src/gmt_support.c:1693:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen (code);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2045:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L->name = gmt_M_memory (GMT, NULL, strlen (label)+1, char);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2066:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L->L[i].label = gmt_M_memory (GMT, NULL, strlen (G->L[i]->label)+1, char);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2682:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strlen (G->unit);
data/gmt-6.1.1+dfsg/src/gmt_support.c:2683:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (txt) + 1 + m + extra;
data/gmt-6.1.1+dfsg/src/gmt_support.c:2685:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen (G->prefix) + 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:2866:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t extra = (G->crossect) ? strlen (G->crossect_tag[i]) + 1 : 0; /* Need to increase allocated space */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4223:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (text, "/"); /* Separate width from height */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4278:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_cpy, &text[options], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4296:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen (txt_len) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:4352:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (oldshit, &p[1], GMT_LEN128-3);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4361:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (oldshit, p, GMT_LEN128-2);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4376:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (oldshit, p, GMT_LEN128-2);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4383:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (ms->label, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4449:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = (unsigned int)strlen(text) - 1, colon = 0; text[k] && k > i && colon < 2; k--)
data/gmt-6.1.1+dfsg/src/gmt_support.c:4473:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tmpstring, &text[colon], (size_t)(k-colon));
data/gmt-6.1.1+dfsg/src/gmt_support.c:4477:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strcmp (p, "-")) strncpy (ms->label[order[k]], p, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4771:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t k = strlen (txt) - 1; /* Index of last character */
data/gmt-6.1.1+dfsg/src/gmt_support.c:4801:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (in_name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4803:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, in_name, length-4);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4816:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, in_name, length-4);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4871:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (head->name, basename (&name[pos]), GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4881:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf (&buffer[strlen(BB_string[bb])], "%s %s %s %s", c1, c2, c3, c4);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4901:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (flags) != head->n_required) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:4958:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (arg[k]) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:4961:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (arg[k]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:4965:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->string, &arg[k][1], len-2);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5096:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (col[2][strlen(col[2])-1] == 'p') /* Gave font size as a fixed point size that will not scale with symbol size */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5098:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->string = gmt_M_memory (GMT, NULL, strlen (col[3]) + 1, char);
data/gmt-6.1.1+dfsg/src/gmt_support.c:5396:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (Tout->segment[seg]->label) strncpy (ID, Tout->segment[seg]->label, GMT_BUFSIZ-1); /* Look for label in header */
data/gmt-6.1.1+dfsg/src/gmt_support.c:5454:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (Tout->segment[seg]->label) strncpy (ID, Tout->segment[seg]->label, GMT_BUFSIZ-1); /* Look for label in header */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6056:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (name); /* Get length of the file name */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6381:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Lname, name, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6407:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, line, GMT_LEN64-1); /* Make local copy */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6408:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t = strstr (buffer, "@")) && strlen (t) > 1) { /* User requested transparency via @<transparency> */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6434:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) < 1) return (true); /* Nothing, which is bad */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6435:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = buffer[strlen(buffer)-1];
data/gmt-6.1.1+dfsg/src/gmt_support.c:6516:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, buffer, k); /* Copy back the revised string */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6531:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, buffer, GMT_BUFSIZ-1); /* Work on a copy of the arguments */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6554:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill, name, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6555:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6559:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill, name, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6562:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6567:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill, name, GMT_LEN256-1); /* Copy size */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6568:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, size, GMT_LEN256-1); /* Place name where it belongs */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6569:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (size, fill, GMT_LEN256-1); /* Place size where it belongs */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6575:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6579:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6583:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fill, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6587:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, size, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6655:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (GMT_DIM_UNITS, line[strlen(line)-1])) return (true); /* Clearly ends with a explicit measure unit, so a pen */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6668:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, buffer, GMT_BUFSIZ-1); /* Work on a copy of the arguments */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6687:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (v_args[BEG], &t[3], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6692:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (v_args[END], &t[3], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6697:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (v_args[BEG], &t2[2], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6698:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (v_args[END], &t2[2], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6702:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mods, &c[1], GMT_LEN256-1); /* Get our copy of the modifiers */
data/gmt-6.1.1+dfsg/src/gmt_support.c:6727:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (T[n]) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:6798:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (style, color, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6799:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (color, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6803:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (style, color, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6806:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (color, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6813:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (style, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6817:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (color, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6821:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (style, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6825:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (color, width, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:6935:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = (unsigned int)strlen (p) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:7073:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, line, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7099:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = (int)strlen (line) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:7456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cpt_file, source, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7621:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (X->bfn[id].fill->pattern, name, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7681:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = line[strlen(line)-1];
data/gmt-6.1.1+dfsg/src/gmt_support.c:7688:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (X->data[n].annot) line[strlen(line)-1] = '\0'; /* Chop off this information so it does not affect our column count below */
data/gmt-6.1.1+dfsg/src/gmt_support.c:7744:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (X->data[n].fill->pattern, name, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:7752:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (chi, "-");
data/gmt-6.1.1+dfsg/src/gmt_support.c:7945:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LOX = strlen (file) - 8; /* Position of the L|O|X flag */
data/gmt-6.1.1+dfsg/src/gmt_support.c:8162:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (arg); k++) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:8627:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cpt_file, dest, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:8708:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (P->categorical == 2) strncpy (lo, P->data[i].key, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9014:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (key);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9372:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen(arg);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9469:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (&(arg[j])) == 2) { /* Standard :LH syntax */
data/gmt-6.1.1+dfsg/src/gmt_support.c:9517:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (string) == 2) { /* Standard +lLH syntax */
data/gmt-6.1.1+dfsg/src/gmt_support.c:9596:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((L = strlen (txt_a)) && txt_a[L-1] == '%') txt_a[L-1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_support.c:9598:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (k == 2 && (L = strlen (txt_b)) && txt_b[L-1] == '%') txt_b[L-1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_support.c:9645:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (G->label, &p[1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9681:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (G->label, &p[1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9722:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (G->label_file, &p[1], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9726:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (G->unit, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9748:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (G->crossect_tag[1], "'");
data/gmt-6.1.1+dfsg/src/gmt_support.c:9754:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (G->prefix, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9776:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (L->option, &txt[1], GMT_BUFSIZ-1); /* May need to process L->option later after -R,-J have been set */
data/gmt-6.1.1+dfsg/src/gmt_support.c:9830:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (L->file, &txt[1], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9844:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (txt_a) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:9929:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (G->fill, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9948:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (p[1]) strncpy (G->pen, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9955:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (G->size, &s[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9957:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (G->symbol_code, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:9961:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (G->size, &p[2], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10010:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (L->option, &txt[1], GMT_BUFSIZ-1); /* May need to process L->option later after -R,-J have been set */
data/gmt-6.1.1+dfsg/src/gmt_support.c:10059:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (L->file, &txt[1], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10073:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (txt_a) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:10109:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = s = 0; len = strlen (p);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10134:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (GMT_LEN_UNITS, p2[strlen(p2)-1])) l_unit[id] = p2[strlen(p2)-1];
data/gmt-6.1.1+dfsg/src/gmt_support.c:10134:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (GMT_LEN_UNITS, p2[strlen(p2)-1])) l_unit[id] = p2[strlen(p2)-1];
data/gmt-6.1.1+dfsg/src/gmt_support.c:10249:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = p_mode = s = 0; len = strlen (p);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10255:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (modifiers, &p[s], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:10976:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (string, "0");
data/gmt-6.1.1+dfsg/src/gmt_support.c:11017:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = 0, olen = (int)strlen (tmp), k = (x < 0) ? 1 : 0;
data/gmt-6.1.1+dfsg/src/gmt_support.c:11127:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, unit, 80U);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11129:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_length = strlen(unit);
data/gmt-6.1.1+dfsg/src/gmt_support.c:11145:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)MIN(strlen(GMT->current.setting.format_float_map), GMT_LEN64) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:12707:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (q[k]) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:12789:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(txt_d) - 1;
data/gmt-6.1.1+dfsg/src/gmt_support.c:12895:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (gmt_M_is_geographic (GMT, GMT_IN) && isalpha ((int)string[n = (int)strlen (string) - 1])) { /* Letter at end of distance value */
data/gmt-6.1.1+dfsg/src/gmt_support.c:12975:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (string[0]) strncpy (ms->label, string, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13107:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen (string); len > 0; len--) if (string[len-1] == ',') n_comma++;
data/gmt-6.1.1+dfsg/src/gmt_support.c:13110:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (pp[0] == '\0' || strcmp (pp, "-")) strncpy (ms->label[order[k]], pp, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13345:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13391:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr ("\"\'", p[1]) && p[1] == p[strlen(p)-1]) { /* Eliminate quotes */
data/gmt-6.1.1+dfsg/src/gmt_support.c:13393:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt[strlen(txt)-1] = '\0';
data/gmt-6.1.1+dfsg/src/gmt_support.c:13423:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_len = (unsigned int)strlen (string);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13457:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (&token[1], &token[2], strlen(token)-3);
data/gmt-6.1.1+dfsg/src/gmt_support.c:13499:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (key, def, 2U); /* Override using default code */
data/gmt-6.1.1+dfsg/src/gmt_support.c:13526:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s_length = strlen(key);
data/gmt-6.1.1+dfsg/src/gmt_support.c:14664:49: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (GMT->current.plot.calclock.geo.wesn == 2) strcat (hemi, " ");
data/gmt-6.1.1+dfsg/src/gmt_support.c:15416:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD Size = (DWORD)_tcslen (name);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15726:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_length = strlen (list[n]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15880:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_x, &arg[k], 2); txt_x[2] = 0;
data/gmt-6.1.1+dfsg/src/gmt_support.c:15881:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (the_rest, &arg[n], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15896:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (the_rest, &arg[n], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:15898:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mode == GMT_REFPOINT_NOTSET && strlen (arg) == 2 && strchr ("LMRBCT", toupper(arg[GMT_X])) && strchr ("LMRBCT", toupper(arg[GMT_Y]))) { /* Apparently a 2-char justification code */
data/gmt-6.1.1+dfsg/src/gmt_support.c:15903:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (txt_x, "0"); strcpy (txt_y, "0");
data/gmt-6.1.1+dfsg/src/gmt_support.c:15903:26: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (txt_x, "0"); strcpy (txt_y, "0");
data/gmt-6.1.1+dfsg/src/gmt_support.c:15921:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (GMT_DIM_UNITS, txt_x[strlen(txt_x)-1])) /* x position included a unit */
data/gmt-6.1.1+dfsg/src/gmt_support.c:15923:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strchr (GMT_DIM_UNITS, txt_y[strlen(txt_y)-1])) /* y position included a unit */
data/gmt-6.1.1+dfsg/src/gmt_support.c:15925:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (txt_x) == 2 && strchr ("LMRBCT", toupper(txt_x[GMT_X])) && strchr ("LMRBCT", toupper(txt_x[GMT_Y]))) /* Apparently a 2-char justification code */
data/gmt-6.1.1+dfsg/src/gmt_support.c:16047:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16284:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (mem > 1024.0 && kind < strlen(unit)) { mem /= 1024.0; kind++; } /* Goto next higher unit */
data/gmt-6.1.1+dfsg/src/gmt_support.c:16305:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < argc; k++) len += strlen (argv[k]);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16309:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (string, " ");
data/gmt-6.1.1+dfsg/src/gmt_support.c:16413:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0, *n = 1; k < strlen (list); k++) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:16574:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (gmt_M_compat_check (GMT, 5) && argument[strlen(argument)-1] == '+') { /* Old-style + instead of +n */
data/gmt-6.1.1+dfsg/src/gmt_support.c:16597:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (txt[ns]); if (len) len--; /* Now txt[ns][len] holds a unit (or not) */
data/gmt-6.1.1+dfsg/src/gmt_support.c:16917:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cmd, program, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16922:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cmd, program, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/gmt_support.c:16924:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (cmd, " ");
data/gmt-6.1.1+dfsg/src/gmt_support.c:17052:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (list); k++) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:17054:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (opts, string, 3U);
data/gmt-6.1.1+dfsg/src/gmt_support.c:17066:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (opts, string, 1U); break;
data/gmt-6.1.1+dfsg/src/gmt_support.c:17249:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
return (usleep ((useconds_t)microsec));
data/gmt-6.1.1+dfsg/src/gmt_support.c:17369:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (k < 3 && (L = strlen (file)) > 3 && !strncmp (&file[L-3], ".ps", 3U)) {
data/gmt-6.1.1+dfsg/src/gmt_support.c:17483:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (line) >= GMT_LEN128) return false; /* Cannot be gmt begin */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17489:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L = strlen (module); /* How many characters to compare against */
data/gmt-6.1.1+dfsg/src/gmt_support.c:17497:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (line) >= GMT_LEN128) return false; /* Cannot be gmt end show */
data/gmt-6.1.1+dfsg/src/gmtconnect.c:659:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, &pp[2], GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:665:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name0, &pp[2], GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:671:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name1, &pp[2], GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:705:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b_len = strlen (buffer);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:715:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b_len += strlen (text);
data/gmt-6.1.1+dfsg/src/gmtconnect.c:745:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (text);
data/gmt-6.1.1+dfsg/src/gmtconvert.c:661:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (D[GMT_IN]->table[use_tbl]->segment[seg]->text && D[GMT_IN]->table[use_tbl]->segment[seg]->text[row]) tlen += strlen (D[GMT_IN]->table[use_tbl]->segment[seg]->text[row]) + 1; /* String + separator */
data/gmt-6.1.1+dfsg/src/gmtget.c:253:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dataset[strlen(dataset)-1] == '/') { /* Tiles */
data/gmt-6.1.1+dfsg/src/gmtget.c:254:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dataset[strlen(dataset)-1] = '\0'; /* Chop off slash */
data/gmt-6.1.1+dfsg/src/gmtinfo.c:683:105: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XLO], GMT_X); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:684:105: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XHI], GMT_X); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:686:103: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[YLO], GMT_Y); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:693:110: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XLO], Ctrl->T.col); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:694:110: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
i = gmtinfo_strip_blanks_and_output (GMT, buffer, wesn[XHI], Ctrl->T.col); strcat (record, &buffer[i]); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:699:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (Out->text) strncpy (record, chosen, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:753:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (brackets) strcat (record, "<");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:759:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (brackets) strcat (record, ">");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:760:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (col < (ncol - 1)) strcat (record, "\t");
data/gmt-6.1.1+dfsg/src/gmtinfo.c:866:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (In->text) strncpy (chosen, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:871:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (In->text) strncpy (chosen, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtinfo.c:903:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (file[0] == 0) strncpy (file, GMT->current.io.filename[GMT_IN], PATH_MAX-1); /* Grab name of current file while we can */
data/gmt-6.1.1+dfsg/src/gmtmath.c:5867:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (txt, GMTMATH_STORE_CMD, strlen(GMTMATH_STORE_CMD))) return GMTMATH_ARG_IS_STORE; /* store into mem location @<label>*/
data/gmt-6.1.1+dfsg/src/gmtmath.c:5868:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (txt, GMTMATH_CLEAR_CMD, strlen(GMTMATH_CLEAR_CMD))) return GMTMATH_ARG_IS_CLEAR; /* free mem location @<label>*/
data/gmt-6.1.1+dfsg/src/gmtmath.c:5869:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (txt, GMTMATH_RECALL_CMD, strlen(GMTMATH_RECALL_CMD))) return GMTMATH_ARG_IS_RECALL; /* load from mem location @<label>*/
data/gmt-6.1.1+dfsg/src/gmtmath.c:5888:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, txt, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/gmtmath.c:5906:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = strlen (txt) - 1; /* Position of last character in string */
data/gmt-6.1.1+dfsg/src/gmtmath.c:5940:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (*arg, "CHIDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("CHI2CDF"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5941:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "CHICRIT")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("CHI2CRIT"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5942:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "CPOISS")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("PCDF"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5943:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "FDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("FCDF"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5944:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "MED")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("MEDIAN"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5945:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "TDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("TCDF"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5946:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "Tn")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("TNORM"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5947:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "ZDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("ZCDF"); }
data/gmt-6.1.1+dfsg/src/gmtmath.c:5975:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (arg) < 7) return false;
data/gmt-6.1.1+dfsg/src/gmtselect.c:76:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal; /* Just check if z == min within 5 ULps */
data/gmt-6.1.1+dfsg/src/gmtselect.c:422:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, opt->arg, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/gmtselect.c:423:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buffer[strlen(buffer)-1] == 'o' && gmt_M_compat_check (GMT, 4)) { /* Edge is considered outside */
data/gmt-6.1.1+dfsg/src/gmtselect.c:427:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-1] = 0;
data/gmt-6.1.1+dfsg/src/gmtselect.c:824:31: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if (Ctrl->Z.limit[k].equal) {
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1042:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr (s, "++") || (s[0] && s[strlen(s)-1] == '+')) { /* Deal with the old-style single "+" to mean header */
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1385:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1647:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S2->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1658:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S2->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1677:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S2->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1712:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (GMT->current.io.segment_header, S2->header, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:1985:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (S->header) { strncpy (buffer, S->header, GMT_BUFSIZ-1); gmt_M_str_free (S->header); }
data/gmt-6.1.1+dfsg/src/gmtspatial.c:2163:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
S2->header = realloc (S2->header, strlen (S2->header) + 5U);
data/gmt-6.1.1+dfsg/src/gmtspatial.c:2164:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (S2->header, " -Ph", 4U);
data/gmt-6.1.1+dfsg/src/gmtwhich.c:166:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (path, "N");
data/gmt-6.1.1+dfsg/src/gmtwhich.c:175:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (path, "Y");
data/gmt-6.1.1+dfsg/src/gmtwhich.c:278:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (path, &L[1], strlen (&L[1])+1); /* Report the file in the local directory now */
data/gmt-6.1.1+dfsg/src/grd2xyz.c:394:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (item);
data/gmt-6.1.1+dfsg/src/grd2xyz.c:401:44: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (col < (G->header->n_columns-1)) { strcat (record, " "); rec_len++;}
data/gmt-6.1.1+dfsg/src/grd2xyz.c:437:33: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!G->header->x_units[0]) strcpy (G->header->x_units, "x");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:438:33: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!G->header->y_units[0]) strcpy (G->header->y_units, "y");
data/gmt-6.1.1+dfsg/src/grd2xyz.c:443:33: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!G->header->z_units[0]) strcpy (G->header->z_units, "z");
data/gmt-6.1.1+dfsg/src/grdblend.c:298:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tile, &(L[n].file[1]), 7U);
data/gmt-6.1.1+dfsg/src/grdblend.c:303:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (B[n].file, L[n].file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/grdblend.c:473:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (B[n].file, buffer, PATH_MAX-1); /* Use the temporary file instead */
data/gmt-6.1.1+dfsg/src/grdcontour.c:286:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->Z.periodic = (txt[strlen(txt)-1] == 'p'); /* Phase data */
data/gmt-6.1.1+dfsg/src/grdcontour.c:384:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t last = strlen (opt->arg) - 1;
data/gmt-6.1.1+dfsg/src/grdcontour.c:454:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_a, &opt->arg[k], (size_t)(n-k)); txt_a[n-k] = '\0';
data/gmt-6.1.1+dfsg/src/grdcontour.c:817:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = o = 0; i < strlen (orig); i++) { /* Process each character in input */
data/gmt-6.1.1+dfsg/src/grdcontour.c:900:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cptfile, optN->arg, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/grdcontour.c:901:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((L = strlen (optN->arg)) >= 4 && !strncmp (&optN->arg[L-4], ".cpt", 4U)) { /* Gave a cpt argument, check that it is valid */
data/gmt-6.1.1+dfsg/src/grdcontour.c:906:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cptfile, optN->arg, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/grdcontour.c:936:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((L = strlen (opt->arg)) >= 4 && !strncmp (&opt->arg[L-4], ".cpt", 4U)) { /* Gave a -C<cpt> argument, check that it is valid */
data/gmt-6.1.1+dfsg/src/grdcontour.c:1179:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (Ctrl->contour.unit, "z")) strncpy (Ctrl->contour.unit, G->header->z_units, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/grdconvert.c:248:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fname[GMT_IN], HH->name, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/grdconvert.c:252:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fname[GMT_OUT], HH->name, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/grdconvert.c:306:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(command, Grid->header->command, GMT_GRID_COMMAND_LEN320-13);
data/gmt-6.1.1+dfsg/src/grdedit.c:467:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (h_tr->x_units, G->header->y_units, GMT_GRID_UNIT_LEN80);
data/gmt-6.1.1+dfsg/src/grdedit.c:471:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (h_tr->y_units, G->header->x_units, GMT_GRID_UNIT_LEN80);
data/gmt-6.1.1+dfsg/src/grdfft.c:482:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, c, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/grdfill.c:258:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (method, "c");
data/gmt-6.1.1+dfsg/src/grdfilter.c:665:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t L = strlen (text);
data/gmt-6.1.1+dfsg/src/grdfilter.c:748:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, opt->arg, GMT_LEN256-1); /* Work on a copy so we don't have to worry about chopping off modifiers*/
data/gmt-6.1.1+dfsg/src/grdfilter.c:822:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = opt->arg[strlen(txt)-1];
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:499:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, opt->arg, GMT_LEN256); /* Work on a copy */
data/gmt-6.1.1+dfsg/src/grdfilter_mt.c:528:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = opt->arg[strlen(txt)-1];
data/gmt-6.1.1+dfsg/src/grdimage.c:254:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = strlen (opt->arg)) > 0) {
data/gmt-6.1.1+dfsg/src/grdimage.c:261:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((n = strlen (opt->arg)) == 0) {
data/gmt-6.1.1+dfsg/src/grdimage.c:278:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (Ctrl->A.file) - 1;
data/gmt-6.1.1+dfsg/src/grdinfo.c:274:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, opt->arg, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/grdinfo.c:397:89: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, out[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:398:89: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, out[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:399:89: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, out[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:455:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (text, "/"); strcat (text, tmptxt);
data/gmt-6.1.1+dfsg/src/grdinfo.c:465:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (text, "/"); strcat (text, tmptxt);
data/gmt-6.1.1+dfsg/src/grdinfo.c:662:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (Ctrl->T.mode & 2) strncpy (grdfile, opt->arg, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/grdinfo.c:744:99: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, G->header->wesn[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:745:99: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, G->header->wesn[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:746:99: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, G->header->wesn[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:826:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isalpha ((int)text[strlen(text)-1])) text[strlen(text)-1] = '\0'; /* Chop of trailing WESN flag here */
data/gmt-6.1.1+dfsg/src/grdinfo.c:826:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isalpha ((int)text[strlen(text)-1])) text[strlen(text)-1] = '\0'; /* Chop of trailing WESN flag here */
data/gmt-6.1.1+dfsg/src/grdinfo.c:829:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isalpha ((int)text[strlen(text)-1])) text[strlen(text)-1] = '\0'; /* Chop of trailing WESN flag here */
data/gmt-6.1.1+dfsg/src/grdinfo.c:829:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isalpha ((int)text[strlen(text)-1])) text[strlen(text)-1] = '\0'; /* Chop of trailing WESN flag here */
data/gmt-6.1.1+dfsg/src/grdinfo.c:1128:89: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, global_zmin, GMT_OUT, GMT_Z); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1131:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1162:90: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, global_xmin, GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1163:90: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, global_xmax, GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinfo.c:1164:90: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, global_ymin, GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/grdinterpolate.c:465:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (prof_args, Ctrl->E.lines, GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:178:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:202:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, opt->arg, GMT_LEN256);
data/gmt-6.1.1+dfsg/src/grdlandmask.c:203:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == 'o' && gmt_M_compat_check (GMT, 4)) { /* Edge is considered outside */
data/gmt-6.1.1+dfsg/src/grdlandmask.c:207:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = 0;
data/gmt-6.1.1+dfsg/src/grdmask.c:226:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (opt->arg[strlen(opt->arg)-1] == 'c') { /* A n of cells request for radius. The problem is that */
data/gmt-6.1.1+dfsg/src/grdmask.c:244:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
S_copy[strlen(S_copy)-1] = '\0'; /* Drop the 'c' */
data/gmt-6.1.1+dfsg/src/grdmath.c:5949:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (*arg, "CHIDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("CHI2CDF"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5950:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "CHICRIT")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("CHI2CRIT"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5951:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "CPOISS")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("PCDF"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5952:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "FDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("FCDF"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5953:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "MED")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("MEDIAN"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5954:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "TDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("TCDF"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5955:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "Xn")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("XNORM"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5956:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "Yn")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("YNORM"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5957:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else if (!strcmp (*arg, "ZDIST")) {strncpy (old, *arg, GMT_LEN16-1); gmt_M_str_free (*arg); *arg = t = strdup ("ZCDF"); }
data/gmt-6.1.1+dfsg/src/grdmath.c:5983:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (opt->arg, GRDMATH_STORE_CMD, strlen(GRDMATH_STORE_CMD))) return GRDMATH_ARG_IS_STORE; /* store into mem location @<label> */
data/gmt-6.1.1+dfsg/src/grdmath.c:5984:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (opt->arg, GRDMATH_CLEAR_CMD, strlen(GRDMATH_CLEAR_CMD))) return GRDMATH_ARG_IS_CLEAR; /* clear mem location @<label> */
data/gmt-6.1.1+dfsg/src/grdmath.c:5985:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (opt->arg, GRDMATH_RECALL_CMD, strlen(GRDMATH_RECALL_CMD))) return GRDMATH_ARG_IS_RECALL; /* load from mem location @<label> */
data/gmt-6.1.1+dfsg/src/grdproject.c:385:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (unit_name, scale_unit_name, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/grdproject.c:600:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Rect->header->x_units, unit_name, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/grdproject.c:601:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Rect->header->y_units, unit_name, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/grdtrend.c:408:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (pbasis[1], "X");
data/gmt-6.1.1+dfsg/src/grdtrend.c:409:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (pbasis[2], "Y");
data/gmt-6.1.1+dfsg/src/grdvector.c:273:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (opt->arg) - 1; /* Location of expected unit */
data/gmt-6.1.1+dfsg/src/grdview.c:673:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (gmt_M_compat_check (GMT, 4) && opt->arg[strlen(opt->arg)-1] == 'g') {
data/gmt-6.1.1+dfsg/src/grdview.c:719:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_a, opt->arg, n); txt_a[n] = '\0';
data/gmt-6.1.1+dfsg/src/img/img2grd.c:271:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L = strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:639:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Merc->header->z_units, z_units, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:787:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (output, Ctrl->G.file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/img/img2grd.c:814:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Geo->header->z_units, z_units, GMT_GRID_UNIT_LEN80-1);
data/gmt-6.1.1+dfsg/src/inset.c:346:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (Bopts, "# FRAME: ", 9U) && strlen (Bopts) > 9 && Bopts[9]) { /* Got a previously saved -B frame setting */
data/gmt-6.1.1+dfsg/src/kml2gmt.c:259:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (line);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:265:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, &line[start], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:280:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (description, &line[start], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/kml2gmt.c:293:115: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (name[0]) { strcat (GMT->current.io.segment_header, "-L\""); strcat (GMT->current.io.segment_header, name); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/kml2gmt.c:294:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (name[0] && description[0]) strcat (GMT->current.io.segment_header, " ");
data/gmt-6.1.1+dfsg/src/kml2gmt.c:295:129: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (description[0]) { strcat (GMT->current.io.segment_header, "-D\""); strcat (GMT->current.io.segment_header, description); strcat (GMT->current.io.segment_header, "\""); }
data/gmt-6.1.1+dfsg/src/mapproject.c:302:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (Ctrl->L.file) - 1; /* Index of last character */
data/gmt-6.1.1+dfsg/src/mapproject.c:331:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (arg);
data/gmt-6.1.1+dfsg/src/mapproject.c:360:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = strlen (arg) - 1;
data/gmt-6.1.1+dfsg/src/mapproject.c:635:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (to, "-");
data/gmt-6.1.1+dfsg/src/mapproject.c:636:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (from, &opt->arg[k], GMT_LEN256);
data/gmt-6.1.1+dfsg/src/mapproject.c:1052:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (unit_name, scale_unit_name, GMT_LEN64);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:125:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
F->MGD77_HOME = gmt_M_memory (GMT, NULL, strlen (this_c) + 1, char);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:129:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
F->MGD77_HOME = gmt_M_memory (GMT, NULL, strlen (GMT->session.SHAREDIR) + 7, char);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:276:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
F->MGD77_datadir[0] = gmt_M_memory (GMT, NULL, strlen (F->MGD77_HOME) + 1, char);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:291:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
F->MGD77_datadir[F->n_MGD77_paths] = gmt_M_memory (GMT, NULL, strlen (line) + 1, char);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:337:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (txt) && (txt[i] == ' ' || txt[i] == '-' || txt[i] == '+'); i++);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:339:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (; i < strlen (txt); i++) if (!isdigit((int)txt[i])) return (-9999);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:643:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, record, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:885:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = fgetc (fp); /* Read the first character from the file stream */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1190:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(line)) != MGD77_RECORD_LENGTH) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1204:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (currentField, &line[mgd77defs[i].start-1], mgd77defs[i].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1224:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (currentField,&line[mgd77defs[i].start-1], mgd77defs[i].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1232:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (currentField);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1281:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (r_date, "5"); set_a_val (r_date, MGD77_RECTYPE); /* Since it is not part of the MGD77T record per se */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1439:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&text[n_txt++][rec*Clength[k]], MGD77Record.word[k], Clength[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1506:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mgd77_wrong_filler (MGD77Record->word[1], strlen (MGD77Record->word[1]))) MGD77Record->word[1][0] = 0;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1507:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mgd77_wrong_filler (MGD77Record->word[2], strlen (MGD77Record->word[2]))) MGD77Record->word[2][0] = 0;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1510:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_text (0); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1511:31: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_TZ, "%d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1512:98: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_YEAR, "%04d"); place_int (MGD77_MONTH, "%02d"); place_int (MGD77_DAY, "%02d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1514:92: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (!gmt_M_is_dnan (r_time)) { sprintf (buffer, "%.8g", r_time); strcat (line, buffer); } strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1515:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_LATITUDE, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1516:41: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_LONGITUDE, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1517:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_PTC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1518:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_NQC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1519:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_TWT, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1520:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_DEPTH, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1521:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_BCC, "%2d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1522:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_BTC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1523:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77T_BQC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1524:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_MTF1, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1525:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_MTF2, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1526:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_MAG, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1527:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77_MSENS, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1528:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_DIUR, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1529:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_MSD, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1530:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77T_MQC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1531:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_GOBS, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1532:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_EOT, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1533:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_float (MGD77_FAA, "%.8g"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1534:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_int (MGD77T_GQC, "%1d"); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1535:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
place_text (1); strcat (line, "\t");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1539:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = line + strlen (line);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1645:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77Record.word[k], &text[col[id]][rec*Clength[k]], Clength[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1647:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77Record.word[k], ALL_NINES, Clength[k]);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1759:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "Conventions", strlen (MGD77_CDF_CONVENTION) + 1, (const char *)MGD77_CDF_CONVENTION));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1760:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "Version", strlen(MGD77_CDF_VERSION), (const char *)MGD77_CDF_VERSION));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1761:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "Author", strlen (H->author), H->author));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1763:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "title", strlen (string), string));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1767:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (string);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1775:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "history", strlen (H->history), H->history));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1776:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (H->E77 && strlen(H->E77) > 0)
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1777:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, NC_GLOBAL, "E77", strlen (H->E77), H->E77));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1818:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, var_id, "long_name", strlen (H->info[set].col[id].name), H->info[set].col[id].name));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1820:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, var_id, "units", strlen (H->info[set].col[id].units), H->info[set].col[id].units));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1824:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (F->nc_id, var_id, "comment", strlen (H->info[set].col[id].comment), H->info[set].col[id].comment));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:1981:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (rec = 1; rec < count[0]; rec++) strncpy (&text[rec*count[1]], text, count[1]); /* Replicate one string */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2187:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rec_in > rec) strncpy (&text[rec*count[1]], &text[rec_in*count[1]], count[1]); /* Must shuffle text records */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2702:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (track, '.') && (strlen(track)-strlen(MGD77_suffix[fmt])) > 0 && !strncmp (&track[strlen(track)-strlen(MGD77_suffix[fmt])], MGD77_suffix[fmt], strlen(MGD77_suffix[fmt])))
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2702:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (track, '.') && (strlen(track)-strlen(MGD77_suffix[fmt])) > 0 && !strncmp (&track[strlen(track)-strlen(MGD77_suffix[fmt])], MGD77_suffix[fmt], strlen(MGD77_suffix[fmt])))
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2702:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (track, '.') && (strlen(track)-strlen(MGD77_suffix[fmt])) > 0 && !strncmp (&track[strlen(track)-strlen(MGD77_suffix[fmt])], MGD77_suffix[fmt], strlen(MGD77_suffix[fmt])))
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2702:110: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (track, '.') && (strlen(track)-strlen(MGD77_suffix[fmt])) > 0 && !strncmp (&track[strlen(track)-strlen(MGD77_suffix[fmt])], MGD77_suffix[fmt], strlen(MGD77_suffix[fmt])))
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2702:157: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr (track, '.') && (strlen(track)-strlen(MGD77_suffix[fmt])) > 0 && !strncmp (&track[strlen(track)-strlen(MGD77_suffix[fmt])], MGD77_suffix[fmt], strlen(MGD77_suffix[fmt])))
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2757:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (geo_path, track, PATH_MAX-1); /* Extension already there */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2822:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(leg)-strlen(MGD77_suffix[k])) > 0 && !strncmp (&leg[strlen(leg)-strlen(MGD77_suffix[k])], MGD77_suffix[k], strlen(MGD77_suffix[k]))) has_suffix = k;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2822:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(leg)-strlen(MGD77_suffix[k])) > 0 && !strncmp (&leg[strlen(leg)-strlen(MGD77_suffix[k])], MGD77_suffix[k], strlen(MGD77_suffix[k]))) has_suffix = k;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2822:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(leg)-strlen(MGD77_suffix[k])) > 0 && !strncmp (&leg[strlen(leg)-strlen(MGD77_suffix[k])], MGD77_suffix[k], strlen(MGD77_suffix[k]))) has_suffix = k;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2822:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(leg)-strlen(MGD77_suffix[k])) > 0 && !strncmp (&leg[strlen(leg)-strlen(MGD77_suffix[k])], MGD77_suffix[k], strlen(MGD77_suffix[k]))) has_suffix = k;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2822:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(leg)-strlen(MGD77_suffix[k])) > 0 && !strncmp (&leg[strlen(leg)-strlen(MGD77_suffix[k])], MGD77_suffix[k], strlen(MGD77_suffix[k]))) has_suffix = k;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2827:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->path, leg, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2842:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (F->path);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2848:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->NGDC_id, &F->path[start], MAX(MGD77_COL_ABBREV_LEN-1,(unsigned int)len));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2971:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = fgetc( F->fp )) != EOF ) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2984:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_eols = (line[strlen(line)-1] == '\n' && line[strlen(line)-2] == '\r') ? 2 : 1;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:2984:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_eols = (line[strlen(line)-1] == '\n' && line[strlen(line)-2] == '\r') ? 2 : 1;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3860:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (item);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3886:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (MGD77_Header_Lookup[pick[i]].name) == length) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:3955:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(format); i++) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4001:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->user, name, MGD77_COL_ABBREV_LEN);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4094:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cstring, arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4125:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (word, p, (size_t)(k-1));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4128:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, &p[k], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4131:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (word, p, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4135:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (word);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4158:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->Constraint[F->n_constraints].name, word, MGD77_COL_ABBREV_LEN-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4159:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->Constraint[F->n_constraints].c_constraint, value, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4175:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->Exact[F->n_exact].name, word, MGD77_COL_ABBREV_LEN);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4194:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (F->Bit_test[i].name, &p[1], MGD77_COL_ABBREV_LEN-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4303:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[0] == '#' || line[0] == '>' || (length = strlen (line)) == 0) continue; /* Skip comments and blank lines */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4320:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = (int)strlen (opt->arg)-1; i >= 0 && opt->arg[i] != '.'; --i); /* Wind back to last period (or get i == -1) */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4322:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (this_arg, opt->arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4323:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (this_arg);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4329:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (this_arg, opt->arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4330:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (this_arg);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4368:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (unsigned int)strlen (d_name); if (k > 0) k--; /* was k = (unsigned int)strlen(d_name) - 1; */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4372:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (L[n], d_name, k);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4475:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char c = dist[strlen(dist)-1]; /* Last char in argument, which may have a unit */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77.c:4480:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (dist[strlen(dist)-1]) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:103:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Identifier", strlen (P[0]->Survey_Identifier), P[0]->Survey_Identifier, strlen (P[1]->Survey_Identifier), P[1]->Survey_Identifier, L[MGD77_Param_Key(C,1,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:103:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Identifier", strlen (P[0]->Survey_Identifier), P[0]->Survey_Identifier, strlen (P[1]->Survey_Identifier), P[1]->Survey_Identifier, L[MGD77_Param_Key(C,1,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:104:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Format_Acronym", strlen (P[0]->Format_Acronym), P[0]->Format_Acronym, strlen (P[1]->Format_Acronym), P[1]->Format_Acronym, L[MGD77_Param_Key(C,1,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:104:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Format_Acronym", strlen (P[0]->Format_Acronym), P[0]->Format_Acronym, strlen (P[1]->Format_Acronym), P[1]->Format_Acronym, L[MGD77_Param_Key(C,1,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:105:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Data_Center_File_Number", strlen (P[0]->Data_Center_File_Number), P[0]->Data_Center_File_Number, strlen (P[1]->Data_Center_File_Number), P[1]->Data_Center_File_Number, L[MGD77_Param_Key(C,1,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:105:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Data_Center_File_Number", strlen (P[0]->Data_Center_File_Number), P[0]->Data_Center_File_Number, strlen (P[1]->Data_Center_File_Number), P[1]->Data_Center_File_Number, L[MGD77_Param_Key(C,1,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:106:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Parameters_Surveyed_Code", strlen (P[0]->Parameters_Surveyed_Code), P[0]->Parameters_Surveyed_Code, strlen (P[1]->Parameters_Surveyed_Code), P[1]->Parameters_Surveyed_Code, L[MGD77_Param_Key(C,1,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:106:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Parameters_Surveyed_Code", strlen (P[0]->Parameters_Surveyed_Code), P[0]->Parameters_Surveyed_Code, strlen (P[1]->Parameters_Surveyed_Code), P[1]->Parameters_Surveyed_Code, L[MGD77_Param_Key(C,1,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:107:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Year", strlen (P[0]->File_Creation_Year), P[0]->File_Creation_Year, strlen (P[1]->File_Creation_Year), P[1]->File_Creation_Year, L[MGD77_Param_Key(C,1,10)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:107:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Year", strlen (P[0]->File_Creation_Year), P[0]->File_Creation_Year, strlen (P[1]->File_Creation_Year), P[1]->File_Creation_Year, L[MGD77_Param_Key(C,1,10)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:108:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Month", strlen (P[0]->File_Creation_Month), P[0]->File_Creation_Month, strlen (P[1]->File_Creation_Month), P[1]->File_Creation_Month, L[MGD77_Param_Key(C,1,11)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:108:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Month", strlen (P[0]->File_Creation_Month), P[0]->File_Creation_Month, strlen (P[1]->File_Creation_Month), P[1]->File_Creation_Month, L[MGD77_Param_Key(C,1,11)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:109:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Day", strlen (P[0]->File_Creation_Day), P[0]->File_Creation_Day, strlen (P[1]->File_Creation_Day), P[1]->File_Creation_Day, L[MGD77_Param_Key(C,1,12)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:109:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "File_Creation_Day", strlen (P[0]->File_Creation_Day), P[0]->File_Creation_Day, strlen (P[1]->File_Creation_Day), P[1]->File_Creation_Day, L[MGD77_Param_Key(C,1,12)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:110:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Source_Institution", strlen (P[0]->Source_Institution), P[0]->Source_Institution, strlen (P[1]->Source_Institution), P[1]->Source_Institution, L[MGD77_Param_Key(C,1,13)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:110:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Source_Institution", strlen (P[0]->Source_Institution), P[0]->Source_Institution, strlen (P[1]->Source_Institution), P[1]->Source_Institution, L[MGD77_Param_Key(C,1,13)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:111:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Country", strlen (P[0]->Country), P[0]->Country, strlen (P[1]->Country), P[1]->Country, L[MGD77_Param_Key(C,2,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:111:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Country", strlen (P[0]->Country), P[0]->Country, strlen (P[1]->Country), P[1]->Country, L[MGD77_Param_Key(C,2,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:112:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Platform_Name", strlen (P[0]->Platform_Name), P[0]->Platform_Name, strlen (P[1]->Platform_Name), P[1]->Platform_Name, L[MGD77_Param_Key(C,2,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:112:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Platform_Name", strlen (P[0]->Platform_Name), P[0]->Platform_Name, strlen (P[1]->Platform_Name), P[1]->Platform_Name, L[MGD77_Param_Key(C,2,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:114:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Platform_Type", strlen (P[0]->Platform_Type), P[0]->Platform_Type, strlen (P[1]->Platform_Type), P[1]->Platform_Type, L[MGD77_Param_Key(C,2,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:114:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Platform_Type", strlen (P[0]->Platform_Type), P[0]->Platform_Type, strlen (P[1]->Platform_Type), P[1]->Platform_Type, L[MGD77_Param_Key(C,2,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:115:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Chief_Scientist", strlen (P[0]->Chief_Scientist), P[0]->Chief_Scientist, strlen (P[1]->Chief_Scientist), P[1]->Chief_Scientist, L[MGD77_Param_Key(C,2,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:115:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Chief_Scientist", strlen (P[0]->Chief_Scientist), P[0]->Chief_Scientist, strlen (P[1]->Chief_Scientist), P[1]->Chief_Scientist, L[MGD77_Param_Key(C,2,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:116:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Project_Cruise_Leg", strlen (P[0]->Project_Cruise_Leg), P[0]->Project_Cruise_Leg, strlen (P[1]->Project_Cruise_Leg), P[1]->Project_Cruise_Leg, L[MGD77_Param_Key(C,3,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:116:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Project_Cruise_Leg", strlen (P[0]->Project_Cruise_Leg), P[0]->Project_Cruise_Leg, strlen (P[1]->Project_Cruise_Leg), P[1]->Project_Cruise_Leg, L[MGD77_Param_Key(C,3,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:117:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Funding", strlen (P[0]->Funding), P[0]->Funding, strlen (P[1]->Funding), P[1]->Funding, L[MGD77_Param_Key(C,3,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:117:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Funding", strlen (P[0]->Funding), P[0]->Funding, strlen (P[1]->Funding), P[1]->Funding, L[MGD77_Param_Key(C,3,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:118:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Year", strlen (P[0]->Survey_Departure_Year), P[0]->Survey_Departure_Year, strlen (P[1]->Survey_Departure_Year), P[1]->Survey_Departure_Year, L[MGD77_Param_Key(C,4,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:118:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Year", strlen (P[0]->Survey_Departure_Year), P[0]->Survey_Departure_Year, strlen (P[1]->Survey_Departure_Year), P[1]->Survey_Departure_Year, L[MGD77_Param_Key(C,4,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:119:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Month", strlen (P[0]->Survey_Departure_Month), P[0]->Survey_Departure_Month, strlen (P[1]->Survey_Departure_Month), P[1]->Survey_Departure_Month, L[MGD77_Param_Key(C,4,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:119:120: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Month", strlen (P[0]->Survey_Departure_Month), P[0]->Survey_Departure_Month, strlen (P[1]->Survey_Departure_Month), P[1]->Survey_Departure_Month, L[MGD77_Param_Key(C,4,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:120:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Day", strlen (P[0]->Survey_Departure_Day), P[0]->Survey_Departure_Day, strlen (P[1]->Survey_Departure_Day), P[1]->Survey_Departure_Day, L[MGD77_Param_Key(C,4,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:120:114: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Departure_Day", strlen (P[0]->Survey_Departure_Day), P[0]->Survey_Departure_Day, strlen (P[1]->Survey_Departure_Day), P[1]->Survey_Departure_Day, L[MGD77_Param_Key(C,4,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:121:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Port_of_Departure", strlen (P[0]->Port_of_Departure), P[0]->Port_of_Departure, strlen (P[1]->Port_of_Departure), P[1]->Port_of_Departure, L[MGD77_Param_Key(C,4,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:121:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Port_of_Departure", strlen (P[0]->Port_of_Departure), P[0]->Port_of_Departure, strlen (P[1]->Port_of_Departure), P[1]->Port_of_Departure, L[MGD77_Param_Key(C,4,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:122:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Year", strlen (P[0]->Survey_Arrival_Year), P[0]->Survey_Arrival_Year, strlen (P[1]->Survey_Arrival_Year), P[1]->Survey_Arrival_Year, L[MGD77_Param_Key(C,4,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:122:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Year", strlen (P[0]->Survey_Arrival_Year), P[0]->Survey_Arrival_Year, strlen (P[1]->Survey_Arrival_Year), P[1]->Survey_Arrival_Year, L[MGD77_Param_Key(C,4,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:123:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Month", strlen (P[0]->Survey_Arrival_Month), P[0]->Survey_Arrival_Month, strlen (P[1]->Survey_Arrival_Month), P[1]->Survey_Arrival_Month, L[MGD77_Param_Key(C,4,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:123:114: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Month", strlen (P[0]->Survey_Arrival_Month), P[0]->Survey_Arrival_Month, strlen (P[1]->Survey_Arrival_Month), P[1]->Survey_Arrival_Month, L[MGD77_Param_Key(C,4,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:124:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Day", strlen (P[0]->Survey_Arrival_Day), P[0]->Survey_Arrival_Day, strlen (P[1]->Survey_Arrival_Day), P[1]->Survey_Arrival_Day, L[MGD77_Param_Key(C,4,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:124:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Survey_Arrival_Day", strlen (P[0]->Survey_Arrival_Day), P[0]->Survey_Arrival_Day, strlen (P[1]->Survey_Arrival_Day), P[1]->Survey_Arrival_Day, L[MGD77_Param_Key(C,4,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:125:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Port_of_Arrival", strlen (P[0]->Port_of_Arrival), P[0]->Port_of_Arrival, strlen (P[1]->Port_of_Arrival), P[1]->Port_of_Arrival, L[MGD77_Param_Key(C,4,8)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:125:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Port_of_Arrival", strlen (P[0]->Port_of_Arrival), P[0]->Port_of_Arrival, strlen (P[1]->Port_of_Arrival), P[1]->Port_of_Arrival, L[MGD77_Param_Key(C,4,8)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:126:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Navigation_Instrumentation", strlen (P[0]->Navigation_Instrumentation), P[0]->Navigation_Instrumentation, strlen (P[1]->Navigation_Instrumentation), P[1]->Navigation_Instrumentation, L[MGD77_Param_Key(C,5,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:126:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Navigation_Instrumentation", strlen (P[0]->Navigation_Instrumentation), P[0]->Navigation_Instrumentation, strlen (P[1]->Navigation_Instrumentation), P[1]->Navigation_Instrumentation, L[MGD77_Param_Key(C,5,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:127:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Geodetic_Datum_Position_Determination_Method", strlen (P[0]->Geodetic_Datum_Position_Determination_Method), P[0]->Geodetic_Datum_Position_Determination_Method, strlen (P[1]->Geodetic_Datum_Position_Determination_Method), P[1]->Geodetic_Datum_Position_Determination_Method, L[MGD77_Param_Key(C,5,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:127:186: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Geodetic_Datum_Position_Determination_Method", strlen (P[0]->Geodetic_Datum_Position_Determination_Method), P[0]->Geodetic_Datum_Position_Determination_Method, strlen (P[1]->Geodetic_Datum_Position_Determination_Method), P[1]->Geodetic_Datum_Position_Determination_Method, L[MGD77_Param_Key(C,5,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:128:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Instrumentation", strlen (P[0]->Bathymetry_Instrumentation), P[0]->Bathymetry_Instrumentation, strlen (P[1]->Bathymetry_Instrumentation), P[1]->Bathymetry_Instrumentation, L[MGD77_Param_Key(C,6,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:128:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Instrumentation", strlen (P[0]->Bathymetry_Instrumentation), P[0]->Bathymetry_Instrumentation, strlen (P[1]->Bathymetry_Instrumentation), P[1]->Bathymetry_Instrumentation, L[MGD77_Param_Key(C,6,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:129:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Add_Forms_of_Data", strlen (P[0]->Bathymetry_Add_Forms_of_Data), P[0]->Bathymetry_Add_Forms_of_Data, strlen (P[1]->Bathymetry_Add_Forms_of_Data), P[1]->Bathymetry_Add_Forms_of_Data, L[MGD77_Param_Key(C,6,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:129:138: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Add_Forms_of_Data", strlen (P[0]->Bathymetry_Add_Forms_of_Data), P[0]->Bathymetry_Add_Forms_of_Data, strlen (P[1]->Bathymetry_Add_Forms_of_Data), P[1]->Bathymetry_Add_Forms_of_Data, L[MGD77_Param_Key(C,6,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:130:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Instrumentation", strlen (P[0]->Magnetics_Instrumentation), P[0]->Magnetics_Instrumentation, strlen (P[1]->Magnetics_Instrumentation), P[1]->Magnetics_Instrumentation, L[MGD77_Param_Key(C,7,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:130:129: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Instrumentation", strlen (P[0]->Magnetics_Instrumentation), P[0]->Magnetics_Instrumentation, strlen (P[1]->Magnetics_Instrumentation), P[1]->Magnetics_Instrumentation, L[MGD77_Param_Key(C,7,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:131:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Add_Forms_of_Data", strlen (P[0]->Magnetics_Add_Forms_of_Data), P[0]->Magnetics_Add_Forms_of_Data, strlen (P[1]->Magnetics_Add_Forms_of_Data), P[1]->Magnetics_Add_Forms_of_Data, L[MGD77_Param_Key(C,7,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:131:135: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Add_Forms_of_Data", strlen (P[0]->Magnetics_Add_Forms_of_Data), P[0]->Magnetics_Add_Forms_of_Data, strlen (P[1]->Magnetics_Add_Forms_of_Data), P[1]->Magnetics_Add_Forms_of_Data, L[MGD77_Param_Key(C,7,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:132:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Instrumentation", strlen (P[0]->Gravity_Instrumentation), P[0]->Gravity_Instrumentation, strlen (P[1]->Gravity_Instrumentation), P[1]->Gravity_Instrumentation, L[MGD77_Param_Key(C,8,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:132:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Instrumentation", strlen (P[0]->Gravity_Instrumentation), P[0]->Gravity_Instrumentation, strlen (P[1]->Gravity_Instrumentation), P[1]->Gravity_Instrumentation, L[MGD77_Param_Key(C,8,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:133:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Add_Forms_of_Data", strlen (P[0]->Gravity_Add_Forms_of_Data), P[0]->Gravity_Add_Forms_of_Data, strlen (P[1]->Gravity_Add_Forms_of_Data), P[1]->Gravity_Add_Forms_of_Data, L[MGD77_Param_Key(C,8,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:133:129: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Add_Forms_of_Data", strlen (P[0]->Gravity_Add_Forms_of_Data), P[0]->Gravity_Add_Forms_of_Data, strlen (P[1]->Gravity_Add_Forms_of_Data), P[1]->Gravity_Add_Forms_of_Data, L[MGD77_Param_Key(C,8,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:134:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Seismic_Instrumentation", strlen (P[0]->Seismic_Instrumentation), P[0]->Seismic_Instrumentation, strlen (P[1]->Seismic_Instrumentation), P[1]->Seismic_Instrumentation, L[MGD77_Param_Key(C,9,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:134:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Seismic_Instrumentation", strlen (P[0]->Seismic_Instrumentation), P[0]->Seismic_Instrumentation, strlen (P[1]->Seismic_Instrumentation), P[1]->Seismic_Instrumentation, L[MGD77_Param_Key(C,9,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:135:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Seismic_Data_Formats", strlen (P[0]->Seismic_Data_Formats), P[0]->Seismic_Data_Formats, strlen (P[1]->Seismic_Data_Formats), P[1]->Seismic_Data_Formats, L[MGD77_Param_Key(C,9,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:135:114: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Seismic_Data_Formats", strlen (P[0]->Seismic_Data_Formats), P[0]->Seismic_Data_Formats, strlen (P[1]->Seismic_Data_Formats), P[1]->Seismic_Data_Formats, L[MGD77_Param_Key(C,9,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:137:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Format_Description", strlen (P[0]->Format_Description), P[0]->Format_Description, strlen (P[1]->Format_Description), P[1]->Format_Description, L[MGD77_Param_Key(C,10,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:137:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Format_Description", strlen (P[0]->Format_Description), P[0]->Format_Description, strlen (P[1]->Format_Description), P[1]->Format_Description, L[MGD77_Param_Key(C,10,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:138:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Topmost_Latitude", strlen (P[0]->Topmost_Latitude), P[0]->Topmost_Latitude, strlen (P[1]->Topmost_Latitude), P[1]->Topmost_Latitude, L[MGD77_Param_Key(C,11,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:138:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Topmost_Latitude", strlen (P[0]->Topmost_Latitude), P[0]->Topmost_Latitude, strlen (P[1]->Topmost_Latitude), P[1]->Topmost_Latitude, L[MGD77_Param_Key(C,11,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:139:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bottommost_Latitude", strlen (P[0]->Bottommost_Latitude), P[0]->Bottommost_Latitude, strlen (P[1]->Bottommost_Latitude), P[1]->Bottommost_Latitude, L[MGD77_Param_Key(C,11,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:139:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bottommost_Latitude", strlen (P[0]->Bottommost_Latitude), P[0]->Bottommost_Latitude, strlen (P[1]->Bottommost_Latitude), P[1]->Bottommost_Latitude, L[MGD77_Param_Key(C,11,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:140:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Leftmost_Longitude", strlen (P[0]->Leftmost_Longitude), P[0]->Leftmost_Longitude, strlen (P[1]->Leftmost_Longitude), P[1]->Leftmost_Longitude, L[MGD77_Param_Key(C,11,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:140:108: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Leftmost_Longitude", strlen (P[0]->Leftmost_Longitude), P[0]->Leftmost_Longitude, strlen (P[1]->Leftmost_Longitude), P[1]->Leftmost_Longitude, L[MGD77_Param_Key(C,11,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:141:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Rightmost_Longitude", strlen (P[0]->Rightmost_Longitude), P[0]->Rightmost_Longitude, strlen (P[1]->Rightmost_Longitude), P[1]->Rightmost_Longitude, L[MGD77_Param_Key(C,11,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:141:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Rightmost_Longitude", strlen (P[0]->Rightmost_Longitude), P[0]->Rightmost_Longitude, strlen (P[1]->Rightmost_Longitude), P[1]->Rightmost_Longitude, L[MGD77_Param_Key(C,11,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:142:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Digitizing_Rate", strlen (P[0]->Bathymetry_Digitizing_Rate), P[0]->Bathymetry_Digitizing_Rate, strlen (P[1]->Bathymetry_Digitizing_Rate), P[1]->Bathymetry_Digitizing_Rate, L[MGD77_Param_Key(C,12,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:142:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Digitizing_Rate", strlen (P[0]->Bathymetry_Digitizing_Rate), P[0]->Bathymetry_Digitizing_Rate, strlen (P[1]->Bathymetry_Digitizing_Rate), P[1]->Bathymetry_Digitizing_Rate, L[MGD77_Param_Key(C,12,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:143:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Sampling_Rate", strlen (P[0]->Bathymetry_Sampling_Rate), P[0]->Bathymetry_Sampling_Rate, strlen (P[1]->Bathymetry_Sampling_Rate), P[1]->Bathymetry_Sampling_Rate, L[MGD77_Param_Key(C,12,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:143:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Sampling_Rate", strlen (P[0]->Bathymetry_Sampling_Rate), P[0]->Bathymetry_Sampling_Rate, strlen (P[1]->Bathymetry_Sampling_Rate), P[1]->Bathymetry_Sampling_Rate, L[MGD77_Param_Key(C,12,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:144:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Assumed_Sound_Velocity", strlen (P[0]->Bathymetry_Assumed_Sound_Velocity), P[0]->Bathymetry_Assumed_Sound_Velocity, strlen (P[1]->Bathymetry_Assumed_Sound_Velocity), P[1]->Bathymetry_Assumed_Sound_Velocity, L[MGD77_Param_Key(C,12,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:144:153: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Assumed_Sound_Velocity", strlen (P[0]->Bathymetry_Assumed_Sound_Velocity), P[0]->Bathymetry_Assumed_Sound_Velocity, strlen (P[1]->Bathymetry_Assumed_Sound_Velocity), P[1]->Bathymetry_Assumed_Sound_Velocity, L[MGD77_Param_Key(C,12,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:145:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Datum_Code", strlen (P[0]->Bathymetry_Datum_Code), P[0]->Bathymetry_Datum_Code, strlen (P[1]->Bathymetry_Datum_Code), P[1]->Bathymetry_Datum_Code, L[MGD77_Param_Key(C,12,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:145:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Datum_Code", strlen (P[0]->Bathymetry_Datum_Code), P[0]->Bathymetry_Datum_Code, strlen (P[1]->Bathymetry_Datum_Code), P[1]->Bathymetry_Datum_Code, L[MGD77_Param_Key(C,12,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:146:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Interpolation_Scheme", strlen (P[0]->Bathymetry_Interpolation_Scheme), P[0]->Bathymetry_Interpolation_Scheme, strlen (P[1]->Bathymetry_Interpolation_Scheme), P[1]->Bathymetry_Interpolation_Scheme, L[MGD77_Param_Key(C,12,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:146:147: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Bathymetry_Interpolation_Scheme", strlen (P[0]->Bathymetry_Interpolation_Scheme), P[0]->Bathymetry_Interpolation_Scheme, strlen (P[1]->Bathymetry_Interpolation_Scheme), P[1]->Bathymetry_Interpolation_Scheme, L[MGD77_Param_Key(C,12,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:147:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Digitizing_Rate", strlen (P[0]->Magnetics_Digitizing_Rate), P[0]->Magnetics_Digitizing_Rate, strlen (P[1]->Magnetics_Digitizing_Rate), P[1]->Magnetics_Digitizing_Rate, L[MGD77_Param_Key(C,13,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:147:129: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Digitizing_Rate", strlen (P[0]->Magnetics_Digitizing_Rate), P[0]->Magnetics_Digitizing_Rate, strlen (P[1]->Magnetics_Digitizing_Rate), P[1]->Magnetics_Digitizing_Rate, L[MGD77_Param_Key(C,13,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:148:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sampling_Rate", strlen (P[0]->Magnetics_Sampling_Rate), P[0]->Magnetics_Sampling_Rate, strlen (P[1]->Magnetics_Sampling_Rate), P[1]->Magnetics_Sampling_Rate, L[MGD77_Param_Key(C,13,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:148:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sampling_Rate", strlen (P[0]->Magnetics_Sampling_Rate), P[0]->Magnetics_Sampling_Rate, strlen (P[1]->Magnetics_Sampling_Rate), P[1]->Magnetics_Sampling_Rate, L[MGD77_Param_Key(C,13,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:149:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Tow_Distance", strlen (P[0]->Magnetics_Sensor_Tow_Distance), P[0]->Magnetics_Sensor_Tow_Distance, strlen (P[1]->Magnetics_Sensor_Tow_Distance), P[1]->Magnetics_Sensor_Tow_Distance, L[MGD77_Param_Key(C,13,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:149:141: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Tow_Distance", strlen (P[0]->Magnetics_Sensor_Tow_Distance), P[0]->Magnetics_Sensor_Tow_Distance, strlen (P[1]->Magnetics_Sensor_Tow_Distance), P[1]->Magnetics_Sensor_Tow_Distance, L[MGD77_Param_Key(C,13,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:150:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Depth", strlen (P[0]->Magnetics_Sensor_Depth), P[0]->Magnetics_Sensor_Depth, strlen (P[1]->Magnetics_Sensor_Depth), P[1]->Magnetics_Sensor_Depth, L[MGD77_Param_Key(C,13,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:150:120: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Depth", strlen (P[0]->Magnetics_Sensor_Depth), P[0]->Magnetics_Sensor_Depth, strlen (P[1]->Magnetics_Sensor_Depth), P[1]->Magnetics_Sensor_Depth, L[MGD77_Param_Key(C,13,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:151:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Separation", strlen (P[0]->Magnetics_Sensor_Separation), P[0]->Magnetics_Sensor_Separation, strlen (P[1]->Magnetics_Sensor_Separation), P[1]->Magnetics_Sensor_Separation, L[MGD77_Param_Key(C,13,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:151:135: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Sensor_Separation", strlen (P[0]->Magnetics_Sensor_Separation), P[0]->Magnetics_Sensor_Separation, strlen (P[1]->Magnetics_Sensor_Separation), P[1]->Magnetics_Sensor_Separation, L[MGD77_Param_Key(C,13,5)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:152:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Ref_Field_Code", strlen (P[0]->Magnetics_Ref_Field_Code), P[0]->Magnetics_Ref_Field_Code, strlen (P[1]->Magnetics_Ref_Field_Code), P[1]->Magnetics_Ref_Field_Code, L[MGD77_Param_Key(C,13,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:152:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Ref_Field_Code", strlen (P[0]->Magnetics_Ref_Field_Code), P[0]->Magnetics_Ref_Field_Code, strlen (P[1]->Magnetics_Ref_Field_Code), P[1]->Magnetics_Ref_Field_Code, L[MGD77_Param_Key(C,13,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:153:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Ref_Field", strlen (P[0]->Magnetics_Ref_Field), P[0]->Magnetics_Ref_Field, strlen (P[1]->Magnetics_Ref_Field), P[1]->Magnetics_Ref_Field, L[MGD77_Param_Key(C,13,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:153:111: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Ref_Field", strlen (P[0]->Magnetics_Ref_Field), P[0]->Magnetics_Ref_Field, strlen (P[1]->Magnetics_Ref_Field), P[1]->Magnetics_Ref_Field, L[MGD77_Param_Key(C,13,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:154:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Method_Applying_Res_Field", strlen (P[0]->Magnetics_Method_Applying_Res_Field), P[0]->Magnetics_Method_Applying_Res_Field, strlen (P[1]->Magnetics_Method_Applying_Res_Field), P[1]->Magnetics_Method_Applying_Res_Field, L[MGD77_Param_Key(C,13,8)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:154:159: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Magnetics_Method_Applying_Res_Field", strlen (P[0]->Magnetics_Method_Applying_Res_Field), P[0]->Magnetics_Method_Applying_Res_Field, strlen (P[1]->Magnetics_Method_Applying_Res_Field), P[1]->Magnetics_Method_Applying_Res_Field, L[MGD77_Param_Key(C,13,8)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:155:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Digitizing_Rate", strlen (P[0]->Gravity_Digitizing_Rate), P[0]->Gravity_Digitizing_Rate, strlen (P[1]->Gravity_Digitizing_Rate), P[1]->Gravity_Digitizing_Rate, L[MGD77_Param_Key(C,14,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:155:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Digitizing_Rate", strlen (P[0]->Gravity_Digitizing_Rate), P[0]->Gravity_Digitizing_Rate, strlen (P[1]->Gravity_Digitizing_Rate), P[1]->Gravity_Digitizing_Rate, L[MGD77_Param_Key(C,14,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:156:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Sampling_Rate", strlen (P[0]->Gravity_Sampling_Rate), P[0]->Gravity_Sampling_Rate, strlen (P[1]->Gravity_Sampling_Rate), P[1]->Gravity_Sampling_Rate, L[MGD77_Param_Key(C,14,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:156:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Sampling_Rate", strlen (P[0]->Gravity_Sampling_Rate), P[0]->Gravity_Sampling_Rate, strlen (P[1]->Gravity_Sampling_Rate), P[1]->Gravity_Sampling_Rate, L[MGD77_Param_Key(C,14,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:158:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Theoretical_Formula", strlen (P[0]->Gravity_Theoretical_Formula), P[0]->Gravity_Theoretical_Formula, strlen (P[1]->Gravity_Theoretical_Formula), P[1]->Gravity_Theoretical_Formula, L[MGD77_Param_Key(C,14,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:158:135: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Theoretical_Formula", strlen (P[0]->Gravity_Theoretical_Formula), P[0]->Gravity_Theoretical_Formula, strlen (P[1]->Gravity_Theoretical_Formula), P[1]->Gravity_Theoretical_Formula, L[MGD77_Param_Key(C,14,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:160:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Reference_System", strlen (P[0]->Gravity_Reference_System), P[0]->Gravity_Reference_System, strlen (P[1]->Gravity_Reference_System), P[1]->Gravity_Reference_System, L[MGD77_Param_Key(C,14,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:160:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Reference_System", strlen (P[0]->Gravity_Reference_System), P[0]->Gravity_Reference_System, strlen (P[1]->Gravity_Reference_System), P[1]->Gravity_Reference_System, L[MGD77_Param_Key(C,14,6)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:161:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Corrections_Applied", strlen (P[0]->Gravity_Corrections_Applied), P[0]->Gravity_Corrections_Applied, strlen (P[1]->Gravity_Corrections_Applied), P[1]->Gravity_Corrections_Applied, L[MGD77_Param_Key(C,14,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:161:135: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Corrections_Applied", strlen (P[0]->Gravity_Corrections_Applied), P[0]->Gravity_Corrections_Applied, strlen (P[1]->Gravity_Corrections_Applied), P[1]->Gravity_Corrections_Applied, L[MGD77_Param_Key(C,14,7)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:162:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Departure_Base_Station", strlen (P[0]->Gravity_Departure_Base_Station), P[0]->Gravity_Departure_Base_Station, strlen (P[1]->Gravity_Departure_Base_Station), P[1]->Gravity_Departure_Base_Station, L[MGD77_Param_Key(C,15,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:162:144: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Departure_Base_Station", strlen (P[0]->Gravity_Departure_Base_Station), P[0]->Gravity_Departure_Base_Station, strlen (P[1]->Gravity_Departure_Base_Station), P[1]->Gravity_Departure_Base_Station, L[MGD77_Param_Key(C,15,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:163:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Departure_Base_Station_Name", strlen (P[0]->Gravity_Departure_Base_Station_Name), P[0]->Gravity_Departure_Base_Station_Name, strlen (P[1]->Gravity_Departure_Base_Station_Name), P[1]->Gravity_Departure_Base_Station_Name, L[MGD77_Param_Key(C,15,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:163:159: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Departure_Base_Station_Name", strlen (P[0]->Gravity_Departure_Base_Station_Name), P[0]->Gravity_Departure_Base_Station_Name, strlen (P[1]->Gravity_Departure_Base_Station_Name), P[1]->Gravity_Departure_Base_Station_Name, L[MGD77_Param_Key(C,15,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:164:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Arrival_Base_Station", strlen (P[0]->Gravity_Arrival_Base_Station), P[0]->Gravity_Arrival_Base_Station, strlen (P[1]->Gravity_Arrival_Base_Station), P[1]->Gravity_Arrival_Base_Station, L[MGD77_Param_Key(C,15,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:164:138: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Arrival_Base_Station", strlen (P[0]->Gravity_Arrival_Base_Station), P[0]->Gravity_Arrival_Base_Station, strlen (P[1]->Gravity_Arrival_Base_Station), P[1]->Gravity_Arrival_Base_Station, L[MGD77_Param_Key(C,15,3)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:165:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Arrival_Base_Station_Name", strlen (P[0]->Gravity_Arrival_Base_Station_Name), P[0]->Gravity_Arrival_Base_Station_Name, strlen (P[1]->Gravity_Arrival_Base_Station_Name), P[1]->Gravity_Arrival_Base_Station_Name, L[MGD77_Param_Key(C,15,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:165:153: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Gravity_Arrival_Base_Station_Name", strlen (P[0]->Gravity_Arrival_Base_Station_Name), P[0]->Gravity_Arrival_Base_Station_Name, strlen (P[1]->Gravity_Arrival_Base_Station_Name), P[1]->Gravity_Arrival_Base_Station_Name, L[MGD77_Param_Key(C,15,4)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:166:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Number_of_Ten_Degree_Identifiers", strlen (P[0]->Number_of_Ten_Degree_Identifiers), P[0]->Number_of_Ten_Degree_Identifiers, strlen (P[1]->Number_of_Ten_Degree_Identifiers), P[1]->Number_of_Ten_Degree_Identifiers, L[MGD77_Param_Key(C,16,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:166:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Number_of_Ten_Degree_Identifiers", strlen (P[0]->Number_of_Ten_Degree_Identifiers), P[0]->Number_of_Ten_Degree_Identifiers, strlen (P[1]->Number_of_Ten_Degree_Identifiers), P[1]->Number_of_Ten_Degree_Identifiers, L[MGD77_Param_Key(C,16,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:167:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Ten_Degree_Identifier", strlen (P[0]->Ten_Degree_Identifier), P[0]->Ten_Degree_Identifier, strlen (P[1]->Ten_Degree_Identifier), P[1]->Ten_Degree_Identifier, L[MGD77_Param_Key(C,16,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:167:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Ten_Degree_Identifier", strlen (P[0]->Ten_Degree_Identifier), P[0]->Ten_Degree_Identifier, strlen (P[1]->Ten_Degree_Identifier), P[1]->Ten_Degree_Identifier, L[MGD77_Param_Key(C,16,2)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:168:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_1", strlen (P[0]->Additional_Documentation_1), P[0]->Additional_Documentation_1, strlen (P[1]->Additional_Documentation_1), P[1]->Additional_Documentation_1, L[MGD77_Param_Key(C,18,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:168:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_1", strlen (P[0]->Additional_Documentation_1), P[0]->Additional_Documentation_1, strlen (P[1]->Additional_Documentation_1), P[1]->Additional_Documentation_1, L[MGD77_Param_Key(C,18,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:169:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_2", strlen (P[0]->Additional_Documentation_2), P[0]->Additional_Documentation_2, strlen (P[1]->Additional_Documentation_2), P[1]->Additional_Documentation_2, L[MGD77_Param_Key(C,19,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:169:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_2", strlen (P[0]->Additional_Documentation_2), P[0]->Additional_Documentation_2, strlen (P[1]->Additional_Documentation_2), P[1]->Additional_Documentation_2, L[MGD77_Param_Key(C,19,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:170:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_3", strlen (P[0]->Additional_Documentation_3), P[0]->Additional_Documentation_3, strlen (P[1]->Additional_Documentation_3), P[1]->Additional_Documentation_3, L[MGD77_Param_Key(C,20,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:170:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_3", strlen (P[0]->Additional_Documentation_3), P[0]->Additional_Documentation_3, strlen (P[1]->Additional_Documentation_3), P[1]->Additional_Documentation_3, L[MGD77_Param_Key(C,20,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:171:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_4", strlen (P[0]->Additional_Documentation_4), P[0]->Additional_Documentation_4, strlen (P[1]->Additional_Documentation_4), P[1]->Additional_Documentation_4, L[MGD77_Param_Key(C,21,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:171:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_4", strlen (P[0]->Additional_Documentation_4), P[0]->Additional_Documentation_4, strlen (P[1]->Additional_Documentation_4), P[1]->Additional_Documentation_4, L[MGD77_Param_Key(C,21,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:172:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_5", strlen (P[0]->Additional_Documentation_5), P[0]->Additional_Documentation_5, strlen (P[1]->Additional_Documentation_5), P[1]->Additional_Documentation_5, L[MGD77_Param_Key(C,22,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:172:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_5", strlen (P[0]->Additional_Documentation_5), P[0]->Additional_Documentation_5, strlen (P[1]->Additional_Documentation_5), P[1]->Additional_Documentation_5, L[MGD77_Param_Key(C,22,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:173:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_6", strlen (P[0]->Additional_Documentation_6), P[0]->Additional_Documentation_6, strlen (P[1]->Additional_Documentation_6), P[1]->Additional_Documentation_6, L[MGD77_Param_Key(C,23,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:173:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_6", strlen (P[0]->Additional_Documentation_6), P[0]->Additional_Documentation_6, strlen (P[1]->Additional_Documentation_6), P[1]->Additional_Documentation_6, L[MGD77_Param_Key(C,23,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:174:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_7", strlen (P[0]->Additional_Documentation_7), P[0]->Additional_Documentation_7, strlen (P[1]->Additional_Documentation_7), P[1]->Additional_Documentation_7, L[MGD77_Param_Key(C,24,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77_functions.c:174:132: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_Put_Param (C, F, "Additional_Documentation_7", strlen (P[0]->Additional_Documentation_7), P[0]->Additional_Documentation_7, strlen (P[1]->Additional_Documentation_7), P[1]->Additional_Documentation_7, L[MGD77_Param_Key(C,24,1)].revised);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:258:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pos = (int)(strlen (opt->arg) - 4)) < 0) continue; /* Odd item, skip */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:259:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (prefix, opt->arg, PATH_MAX); /* Make copy of name/file */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:288:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fph77)) != EOF) fputc (c, fpout);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:290:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fpa77)) != EOF) fputc (c, fpout);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77convert.c:382:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
D->H.author = gmt_M_memory (GMT, NULL, strlen (M.user)+1, char); /* Allocate space for author */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:388:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:392:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:396:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:400:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:406:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:434:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:440:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:444:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:460:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:464:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:468:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:472:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,4);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:475:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],&value[5],2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:478:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],&value[8],2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:482:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,4);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:485:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],&value[5],2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:488:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],&value[8],2);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:496:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! strlen(value)) continue;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77header.c:501:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[id].ptr[MGD77_M77_SET],value,MGD77_Header_Lookup[id].length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77info.c:361:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (D->H.E77 && strlen(D->H.E77) > 0)
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:512:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, opt->arg, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:513:36: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "mgd77")) strncpy (buffer, MGD77_FMT, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:515:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77_FMT, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:516:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:519:37: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "mgd77t")) strncpy (buffer, MGD77T_FMT, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:521:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77T_FMT, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:522:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:525:34: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "all")) strncpy (buffer, MGD77_ALL, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:527:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77_ALL, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:528:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:531:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "allt")) strncpy (buffer, MGD77T_ALL, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:533:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77T_ALL, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:534:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:537:34: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "geo")) strncpy (buffer, MGD77_GEO, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:539:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77_GEO, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:540:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:543:34: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (!strcmp (buffer, "dat")) strncpy (buffer, MGD77_DAT, GMT_BUFSIZ);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:545:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, MGD77_DAT, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:546:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buffer, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:728:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (k) strcat (fx_setting, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:969:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (fx_setting, ",");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1160:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (auxlist[MGD77_AUX_ID].requested) strncpy (aux_tvalue[MGD77_AUX_ID], M.NGDC_id, GMT_LEN64);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77list.c:1565:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (word, &tvalue[kk][rec*D->H.info[c].col[id].text], D->H.info[c].col[id].text);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77magref.c:195:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tfixed, &p[1], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:304:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen (line) - 1;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:308:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (answer, &line[i+1], (size_t)(k - i - 1));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:418:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (file)) Ctrl->A.file = strdup (file);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:488:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_errors += gmt_M_check_condition (GMT, strlen (Ctrl->I.c_abbrev) > MGD77_COL_ABBREV_LEN,
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:490:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_errors += gmt_M_check_condition (GMT, strlen (Ctrl->I.c_name) > MGD77_COL_NAME_LEN,
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:492:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_errors += gmt_M_check_condition (GMT, strlen (Ctrl->I.c_comment) > MGD77_COL_COMMENT_LEN,
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:676:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = (int)strlen (word);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:711:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string[n] = gmt_M_memory (GMT, NULL, strlen(word) + 1, char);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:827:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (history, " ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:845:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (history);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:848:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k += (int)strlen (D->H.history);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1052:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&text[rec*LEN_size], not_given, LEN_size); /* In case we have no data at this time */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1055:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (&text[rec*LEN_size], tmp_string[jrec], LEN_size);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1065:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (rec = 0; rec < n; rec++) strncpy (&text[rec*LEN_size], tmp_string[rec], LEN_size);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1106:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (D->H.E77 && strlen(D->H.E77) > 0 && !Ctrl->A.replace) {
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1259:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (MGD77_Header_Lookup[key].length == 1) ? 1 : strlen (answer);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1260:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (MGD77_Header_Lookup[key].ptr[MGD77_REVISED], answer, length);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1380:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < (int)strlen(p); k++) { /* Loop over one or more codes */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1443:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (E77);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1462:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (In.nc_id, cdf_var_id, "comment", strlen (answer), answer));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1560:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (In.nc_id, cdf_var_id, "long_name", strlen (Ctrl->I.c_name), Ctrl->I.c_name));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1562:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (In.nc_id, cdf_var_id, "units", strlen (Ctrl->I.c_units), Ctrl->I.c_units));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1565:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (In.nc_id, cdf_var_id, "comment", strlen (Ctrl->I.c_comment), Ctrl->I.c_comment));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1577:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (history);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1580:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k += (int)(strlen (D->H.history) + 1); /* +1 because the '\0' of 'history' that is also copied by strcat */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77manage.c:1583:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MGD77_nc_status (GMT, nc_put_att_text (In.nc_id, NC_GLOBAL, "history", strlen (D->H.history), D->H.history));
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:239:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (info->fname) == 0) return; /* No name */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:612:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (GMT->current.setting.format_clock_out, "hh:mm:ss.xx", GMT_LEN64);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:745:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = n_comma = 0; k < strlen (opt->arg); k++) if (opt->arg[k] == ',') n_comma++;
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1190:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timeStr[strlen(ctime(&clock))-1] = '\0';
data/gmt-6.1.1+dfsg/src/mgd77/mgd77sniffer.c:1892:41: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
(m == 1) ? sprintf (text,"+eot ") : sprintf (text," ");
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:453:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (comment, &opt->arg[1], GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:454:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < (int)strlen (comment); j++) if (comment[j] == ',') comment[j] = ' '; /* Replace commas with spaces */
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:666:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, D->H.mgd77[use]->Survey_Identifier, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:668:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, list[argno], GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:669:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (name); i++) if (name[i] == '.') name[i] = '\0';
data/gmt-6.1.1+dfsg/src/mgd77/mgd77track.c:750:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cruise_id[n_id].text, name, 16U);
data/gmt-6.1.1+dfsg/src/movie.c:575:47: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
case 's': I->mode = MOVIE_LABEL_IS_STRING; strncpy (I->format, &t[1], GMT_LEN128-1); break;
data/gmt-6.1.1+dfsg/src/movie.c:668:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (arg, opt->arg, GMT_LEN64-1); /* Get a copy... */
data/gmt-6.1.1+dfsg/src/movie.c:718:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr ("cip", txt_a[strlen(txt_a)-1])) /* Width had recognized unit, set it */
data/gmt-6.1.1+dfsg/src/movie.c:719:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->C.unit = txt_a[strlen(txt_a)-1];
data/gmt-6.1.1+dfsg/src/movie.c:720:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strchr ("cip", txt_b[strlen(txt_b)-1])) /* Height had recognized unit, set it instead */
data/gmt-6.1.1+dfsg/src/movie.c:721:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->C.unit = txt_b[strlen(txt_b)-1];
data/gmt-6.1.1+dfsg/src/movie.c:789:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (arg, opt->arg, GMT_LEN64-1); /* Get a copy of the args (minus encoding options)... */
data/gmt-6.1.1+dfsg/src/movie.c:828:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Ctrl->G.pen, &c[2], GMT_LEN64);
data/gmt-6.1.1+dfsg/src/movie.c:1005:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Ctrl->T.sep, W, GMT_LEN8-1);
data/gmt-6.1.1+dfsg/src/movie.c:1059:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_errors += gmt_M_check_condition (GMT, !Ctrl->N.active || (Ctrl->N.prefix == NULL || strlen (Ctrl->N.prefix) == 0),
data/gmt-6.1.1+dfsg/src/movie.c:1399:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:1445:44: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:1598:44: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:1758:44: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:1954:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (label, "/");
data/gmt-6.1.1+dfsg/src/movie.c:1955:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (p < (I->n_labels-1)) strcat (label, ";");
data/gmt-6.1.1+dfsg/src/movie.c:2063:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:2085:39: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:2211:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (strchr (line, '\n') == NULL) strcat (line, "\n"); /* In case the last line misses a newline */
data/gmt-6.1.1+dfsg/src/movie.c:2320:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (files, "0");
data/gmt-6.1.1+dfsg/src/postscriptlight.c:486:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(string)) <= n ) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:510:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dir || (n = strlen (dir)) < 2U)
data/gmt-6.1.1+dfsg/src/postscriptlight.c:652:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_string = PSL_memory (PSL, NULL, strlen(in_string) + 1, char); /* Get a new string of same length (extra byte for '\0') */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:688:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (in_string, 0, strlen (in_string)); /* Set old in_string to NULL */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:689:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (in_string, out_string, strlen (out_string)); /* Overwrite old string with possibly adjusted string */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:689:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (in_string, out_string, strlen (out_string)); /* Overwrite old string with possibly adjusted string */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1107:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen (label[i]) - 1; label[i][j] == ' '; j--) label[i][j] = 0;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1193:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (&(PSL->internal.buffer[PSL->internal.n]), (const char *)dst_buf, buf_size);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1487:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!isdigit ((unsigned char) name[strlen(name)-1]))
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1563:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[0][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1567:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[1][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1571:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[2][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1575:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[3][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1579:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[4][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1583:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[5][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1587:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[6][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1591:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[7][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1595:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[8][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1599:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[9][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1603:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[10][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1607:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[11][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1611:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[12][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1615:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[13][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1619:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[14][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1623:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += (int)strlen(psl_scandcodes[15][he]); i++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1654:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(string, "\\"); j++;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1827:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!length) length = (int)strlen (word);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1838:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (new_word->txt, &word[i], (size_t)length);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:1900:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(text[n_words]) - 1;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2122:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(word[i0]->txt);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2182:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += (int)strlen (word[i]->txt) + 1; if (n >= 60) n = 0;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:2480:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PSL->internal.user_image[PSL->internal.n_userimages] = PSL_memory (PSL, NULL, strlen (imagefile)+1, char);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3180:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fullname) >= PSL_NAME_LEN) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3184:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (PSL->internal.font[i].name, fullname, PSL_NAME_LEN-1);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3214:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3387:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&text[strlen(text)], " %.12g /%s PSL_transp", 1.0 - rgb[3], PSL->current.transparency_mode);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3511:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (txt);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3513:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (&(PSL->internal.buffer[PSL->internal.n]), txt, len);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:3918:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (PSL->current.transparency_mode, mode, 15U); /* Keep one character for null terminator */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4091:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (&(PSL->internal.buffer[PSL->internal.n]), (char *)buffer, h->length);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4607:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (PSL->current.style, style, PSL_PEN_LEN);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4806:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (text) >= (PSL_BUFSIZ-1)) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4820:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen (text) - 1; text[j] == ' '; j--) text[j] = 0;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4852:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (PSL->current.string, &text[i], PSL_BUFSIZ - 1); /* Save the string with one left for null terminator */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4864:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (text); k++) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4911:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (text) >= (PSL_BUFSIZ-1)) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4955:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempstring = PSL_memory (PSL, NULL, strlen(string)+1, char); /* Since strtok steps on it */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4961:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_chr = ptr[strlen(ptr)-1];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:4995:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ); /* Picked character2 */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5017:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5030:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5047:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5064:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5070:57: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(scaps_on) ? psl_get_uppercase (piece, ptr) : (void) strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5084:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5091:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5096:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5099:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5102:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (piece) > 0) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5113:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_chr = ptr[strlen(piece)-1];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5205:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (text) >= (PSL_BUFSIZ-1)) { /* We gotta have some limit on how long a single string can be... */
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5211:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen (text) - 1; text[j] == ' '; j--) text[j] = 0;
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5272:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_chr = ptr[strlen(ptr)-1];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5293:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 4U);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5317:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece2, ptr, 4U);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5337:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5343:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5357:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5374:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5391:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5397:57: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(scaps_on) ? psl_get_uppercase (piece, ptr) : (void) strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5415:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5464:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5474:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5477:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (piece, ptr, 2 * PSL_BUFSIZ);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5481:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (piece) > 0) {
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5488:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_chr = ptr[strlen(piece)-1];
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5895:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (&(C->internal.buffer[C->internal.n]), tmp_buffer, len);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5912:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (&(C->internal.buffer[C->internal.n]), "%\n% ", 4U);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5914:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (&(C->internal.buffer[C->internal.n]), tmp_buffer, len);
data/gmt-6.1.1+dfsg/src/postscriptlight.c:5916:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (&(C->internal.buffer[C->internal.n]), "%\n", 2U);
data/gmt-6.1.1+dfsg/src/potential/gmtgravmag3d.c:286:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->T.xyz_file[strlen(Ctrl->T.xyz_file)-2] = '\0'; /* In any case the "+m" must go out of fname */
data/gmt-6.1.1+dfsg/src/potential/gravfft.c:345:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (opt->arg[strlen(opt->arg)-2] == '+') { /* Fragile. Needs further testing unless -Q is used */
data/gmt-6.1.1+dfsg/src/potential/grdflexure.c:190:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t k = strlen (A) - 1;
data/gmt-6.1.1+dfsg/src/potential/grdgravmag3d.c:392:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Ctrl->Q.region, opt->arg, GMT_BUFSIZ); /* Pad given as a -R region */
data/gmt-6.1.1+dfsg/src/project.c:462:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (opt->arg) - 1;
data/gmt-6.1.1+dfsg/src/pscoast.c:537:101: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[XLO], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:538:101: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[XHI], GMT_OUT, GMT_X); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:539:101: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
gmt_ascii_format_col (GMT, text, GMT->common.R.wesn[YLO], GMT_OUT, GMT_Y); strcat (record, text); strcat (record, "/");
data/gmt-6.1.1+dfsg/src/pscoast.c:542:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = j = 2; i < strlen (record); i++) {
data/gmt-6.1.1+dfsg/src/pscoast.c:677:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (old_J, GMT->common.J.string, GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/pscontour.c:556:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t last = strlen (opt->arg) - 1;
data/gmt-6.1.1+dfsg/src/pscontour.c:626:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_a, &opt->arg[k], (size_t)(n-k)); txt_a[n-k] = '\0';
data/gmt-6.1.1+dfsg/src/psconvert.c:99:47: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
#define add_to_list(list,item) { if (list[0]) strcat (list, " "); strcat (list, item); }
data/gmt-6.1.1+dfsg/src/psconvert.c:100:48: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
#define add_to_qlist(list,item) { if (list[0]) strcat (list, " "); strcat (list, squote); strcat (list, item); strcat (list, squote); }
data/gmt-6.1.1+dfsg/src/psconvert.c:297:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, arg, GMT_LEN128-1);
data/gmt-6.1.1+dfsg/src/psconvert.c:692:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (Ctrl->C.arg, " ");
data/gmt-6.1.1+dfsg/src/psconvert.c:712:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->G.file = malloc (strlen (opt->arg)+3); /* Add space for quotes */
data/gmt-6.1.1+dfsg/src/psconvert.c:772:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((j = (int)strlen(opt->arg)) > 1 && opt->arg[j-1] == '-') /* Old deprecated way of appending a single - sign at end */
data/gmt-6.1.1+dfsg/src/psconvert.c:914:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc (fp)) > 0) { /* Keep reading until End-Of-File */
data/gmt-6.1.1+dfsg/src/psconvert.c:1047:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fh, t, 1U) && t[0] != '\n'); /* Consume first line that has the BoundingBox */
data/gmt-6.1.1+dfsg/src/psconvert.c:1049:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fh, t, 1U) && t[0] != '\n') /* Read second line which has the HiResBoundingBox */
data/gmt-6.1.1+dfsg/src/psconvert.c:1098:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < strlen(buf); n++) /* and update it */
data/gmt-6.1.1+dfsg/src/psconvert.c:1107:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < strlen(buf); n++) /* and update it */
data/gmt-6.1.1+dfsg/src/psconvert.c:1119:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < strlen(buf); n++, c_begin++) pch[c_begin] = buf[n];
data/gmt-6.1.1+dfsg/src/psconvert.c:1129:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < strlen(buf); n++, c_begin++) pch[c_begin] = buf[n];
data/gmt-6.1.1+dfsg/src/psconvert.c:1172:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gs_params) < 450) strcat (cmd, gs_params); /* We know it is but Coverity doesn't, and complains */
data/gmt-6.1.1+dfsg/src/psconvert.c:1202:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (cmd, out_file, 1023);
data/gmt-6.1.1+dfsg/src/psconvert.c:1248:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (fh, buf, 3U)) != 3) /* Consume first header line */
data/gmt-6.1.1+dfsg/src/psconvert.c:1250:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read (fh, buf, 1U) && buf[0] != '\n'); /* OK, by the end of this we are at the end of second header line */
data/gmt-6.1.1+dfsg/src/psconvert.c:1252:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fh, buf, 1U) && buf[0] != ' ') /* Get string with number of columns from 3rd header line */
data/gmt-6.1.1+dfsg/src/psconvert.c:1256:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fh, buf, 1U) && buf[0] != '\n') /* Get string with number of rows from 3rd header line */
data/gmt-6.1.1+dfsg/src/psconvert.c:1260:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fh, buf, 1U) && buf[0] != '\n'); /* Consume fourth header line */
data/gmt-6.1.1+dfsg/src/psconvert.c:1274:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((k = read (fd[0], tmp, (unsigned int)(nCols * nBands))) == 0) { /* Read a row of nCols by nBands bytes of data */
data/gmt-6.1.1+dfsg/src/psconvert.c:1285:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
junk_n = read (fd[0], I->data, (unsigned int)(nCols * nRows * nBands)); /* ... but may overflow */
data/gmt-6.1.1+dfsg/src/psconvert.c:1289:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
junk_n = read (fd[0], tmp, (unsigned int)(nCols * nBands)); /* Read a row of nCols by nBands bytes of data */
data/gmt-6.1.1+dfsg/src/psconvert.c:1340:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (t, Ctrl->F.file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1348:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (t, ext[Ctrl->T.device], 5);
data/gmt-6.1.1+dfsg/src/psconvert.c:1353:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (out_file, squote, 1); strcat (out_file, t); strncat (out_file, squote, 1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1353:57: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (out_file, squote, 1); strcat (out_file, t); strncat (out_file, squote, 1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1413:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = (int)strlen(file) - 1; i > 0; i--) {
data/gmt-6.1.1+dfsg/src/psconvert.c:1693:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_alloc += (strlen (ps_names[k]) + 3); /* 3 = 2 quotes plus space */
data/gmt-6.1.1+dfsg/src/psconvert.c:1737:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ps_file, ps_names[k], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/psconvert.c:1799:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (ps_file);
data/gmt-6.1.1+dfsg/src/psconvert.c:1819:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psfile_to_use = Ctrl->A.strip ? no_U_file : ((strlen (clean_PS_file) > 0) ? clean_PS_file : ps_file);
data/gmt-6.1.1+dfsg/src/psconvert.c:1862:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (tmp_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:1916:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (tmp_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:1919:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp_file) < PATH_MAX-4) /* To please Coverity */
data/gmt-6.1.1+dfsg/src/psconvert.c:2145:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t3, line_, 127);
data/gmt-6.1.1+dfsg/src/psconvert.c:2160:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseek (fp, -(off_t)(strlen(line_)+strlen(t3)+2U), SEEK_CUR);
data/gmt-6.1.1+dfsg/src/psconvert.c:2160:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fseek (fp, -(off_t)(strlen(line_)+strlen(t3)+2U), SEEK_CUR);
data/gmt-6.1.1+dfsg/src/psconvert.c:2162:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/gmt-6.1.1+dfsg/src/psconvert.c:2285:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_wkt) != strlen(from_gdalread->ProjRefWKT)) free(new_wkt); /* allocated in strrep */
data/gmt-6.1.1+dfsg/src/psconvert.c:2285:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_wkt) != strlen(from_gdalread->ProjRefWKT)) free(new_wkt); /* allocated in strrep */
data/gmt-6.1.1+dfsg/src/psconvert.c:2321:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tag, &ext[Ctrl->T.device][1], 15U);
data/gmt-6.1.1+dfsg/src/psconvert.c:2330:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (out_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:2338:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (out_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:2402:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (out_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:2429:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (out_file, Ctrl->F.file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/psconvert.c:2510:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (no_U_file) > 0 && gmt_remove_file (GMT, no_U_file)) /* empty string == file was not created */
data/gmt-6.1.1+dfsg/src/psconvert.c:2512:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (clean_PS_file) > 0 && gmt_remove_file (GMT, clean_PS_file)) /* empty string == file was not created */
data/gmt-6.1.1+dfsg/src/psconvert.c:2553:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (world_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:2611:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (kml_file, &ps_file[pos_file], (size_t)(pos_ext - pos_file));
data/gmt-6.1.1+dfsg/src/psconvert.c:2817:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->G.file = malloc (strlen (data) + 3); /* strlen + 2 * " + \0 */
data/gmt-6.1.1+dfsg/src/pshistogram.c:470:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (W && strchr (GMT_DIM_UNITS, W[strlen(W)-1])) return true; /* Must have given a -W<pen> */
data/gmt-6.1.1+dfsg/src/psimage.c:157:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
n = sscanf (opt->arg, "%[^/]/%[^/]/%2s", txt_a, txt_b, txt_c);
data/gmt-6.1.1+dfsg/src/psimage.c:209:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/pslegend.c:165:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg) < 5 || strchr ("jgn", opt->arg[0]) || strstr (opt->arg, "+j") || strstr (opt->arg, "+l") || strstr (opt->arg, "+o") || strstr (opt->arg, "+w")) { /* New syntax: */
data/gmt-6.1.1+dfsg/src/pslegend.c:210:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (txt_b) == 2 && strchr ("LMRBCT", txt_b[GMT_X]) && strchr ("LMRBCT", txt_b[GMT_Y])) /* Gave a 2-char justification code */
data/gmt-6.1.1+dfsg/src/pslegend.c:216:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (txt_c) == 2 && strchr ("LMRBCT", txt_c[GMT_X]) && strchr ("LMRBCT", txt_c[GMT_Y])) { /* Gave a 2-char justification code */
data/gmt-6.1.1+dfsg/src/pslegend.c:226:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (txt_b) == 2 && strchr ("LMRBCT", txt_b[GMT_X]) && strchr ("LMRBCT", txt_b[GMT_Y])) /* Gave a 2-char justification code */
data/gmt-6.1.1+dfsg/src/pslegend.c:577:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
height += (txt_a[strlen(txt_a)-1] == 'l') ? atoi (txt_a) * one_line_spacing : gmt_M_to_inch (GMT, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:723:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (do_width && n_scan == 4 && strlen (text)) {
data/gmt-6.1.1+dfsg/src/pslegend.c:730:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_char += strlen (line) - 2;
data/gmt-6.1.1+dfsg/src/pslegend.c:995:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (txt_a, "0");
data/gmt-6.1.1+dfsg/src/pslegend.c:1004:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (txt_a, "0");
data/gmt-6.1.1+dfsg/src/pslegend.c:1055:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
row_height = (txt_a[strlen(txt_a)-1] == 'l') ? atoi (txt_a) * one_line_spacing : gmt_M_to_inch (GMT, txt_a);
data/gmt-6.1.1+dfsg/src/pslegend.c:1331:38: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
if (n == 0 || angle[0] == '-') sprintf (angle, "0");
data/gmt-6.1.1+dfsg/src/pslegend.c:1335:35: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
if (n == 0 || jj[0] == '-') sprintf (jj, "j");
data/gmt-6.1.1+dfsg/src/pslegend.c:1353:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (line) > 2)
data/gmt-6.1.1+dfsg/src/pslegend.c:1685:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (txt_a, "0");
data/gmt-6.1.1+dfsg/src/psrose.c:312:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (opt->arg); k++) if (opt->arg[k] == ',') n_comma++;
data/gmt-6.1.1+dfsg/src/psrose.c:1089:8: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (text, "0"); Ctrl->L.n = strdup (text);
data/gmt-6.1.1+dfsg/src/psscale.c:382:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
case 'g': strcat (extra, "+"); strcat (extra, p); break; /* Fill */
data/gmt-6.1.1+dfsg/src/psscale.c:383:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
case 'p': strcat (extra, "+"); strcat (extra, p); break; /* Pen */
data/gmt-6.1.1+dfsg/src/psscale.c:461:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (string[(j = (int)strlen(string)-1)] == 'h') { /* Be kind to those who forgot +h */
data/gmt-6.1.1+dfsg/src/psscale.c:530:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (unsigned int)strlen (txt_b) - 1;
data/gmt-6.1.1+dfsg/src/psscale.c:599:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, unit, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/psscale.c:601:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = j = 0; i < strlen (unit); i++) {
data/gmt-6.1.1+dfsg/src/psscale.c:645:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (text); k++) if (strchr ("jpqy", text[k])) return true;
data/gmt-6.1.1+dfsg/src/psscale.c:716:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:723:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:755:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, GMT->current.setting.format_float_map, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:791:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, text, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:852:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + ndec) * GMT_DEC_WIDTH +
data/gmt-6.1.1+dfsg/src/psscale.c:852:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + ndec) * GMT_DEC_WIDTH +
data/gmt-6.1.1+dfsg/src/psscale.c:874:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ylen = strlen (GMT->current.map.frame.axis[GMT_Y].label);
data/gmt-6.1.1+dfsg/src/psscale.c:921:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ylen = strlen (GMT->current.map.frame.axis[GMT_Y].label);
data/gmt-6.1.1+dfsg/src/psscale.c:954:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (label, GMT->current.map.frame.axis[GMT_X].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:955:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (unit, GMT->current.map.frame.axis[GMT_Y].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1163:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, P->data[i].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1167:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, P->data[i-1].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1195:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, P->data[i].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1302:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + 2*ndec) * GMT_DEC_WIDTH - 0.4 +
data/gmt-6.1.1+dfsg/src/psscale.c:1302:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + 2*ndec) * GMT_DEC_WIDTH - 0.4 +
data/gmt-6.1.1+dfsg/src/psscale.c:1309:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + ndec) * GMT_DEC_WIDTH +
data/gmt-6.1.1+dfsg/src/psscale.c:1309:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hor_annot_width = ((MAX ((int)strlen (text), (int)strlen (test)) + ndec) * GMT_DEC_WIDTH +
data/gmt-6.1.1+dfsg/src/psscale.c:1449:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, P->data[i].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1453:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (text, P->data[i-1].label, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/psscale.c:1507:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x0 = 0.5 * (length + ((int)strlen (label) -1) * size);
data/gmt-6.1.1+dfsg/src/psscale.c:1509:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (label); i++) {
data/gmt-6.1.1+dfsg/src/pssolar.c:105:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = malloc(strlen(date_tz)+1);
data/gmt-6.1.1+dfsg/src/pssolar.c:228:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < (int)strlen(opt->arg); j++) {
data/gmt-6.1.1+dfsg/src/psternary.c:318:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (bopt, &B->arg[1], 63U); /* Place start of b up to g[<pars>] in bopt, skipping the leading a,b,c */
data/gmt-6.1.1+dfsg/src/psternary.c:320:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sofar = strlen (bopt);
data/gmt-6.1.1+dfsg/src/psternary.c:321:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (g); /* How long is the g thing? */
data/gmt-6.1.1+dfsg/src/pstext.c:81:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read[4]; /* Contains a|A, c, f, and/or j in order required to be read from input */
data/gmt-6.1.1+dfsg/src/pstext.c:252:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (size) - 1;
data/gmt-6.1.1+dfsg/src/pstext.c:257:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (spacing) - 1;
data/gmt-6.1.1+dfsg/src/pstext.c:260:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen (width) - 1;
data/gmt-6.1.1+dfsg/src/pstext.c:454:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Ctrl->F.read[Ctrl->F.nread] = p[0];
data/gmt-6.1.1+dfsg/src/pstext.c:462:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Ctrl->F.read[Ctrl->F.nread] = p[0];
data/gmt-6.1.1+dfsg/src/pstext.c:472:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Ctrl->F.read[Ctrl->F.nread] = p[0];
data/gmt-6.1.1+dfsg/src/pstext.c:483:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Ctrl->F.read[Ctrl->F.nread] = p[0];
data/gmt-6.1.1+dfsg/src/pstext.c:640:82: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 2 && tolower (Ctrl->F.read[1]) == 'a', "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:641:83: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 3 && (tolower (Ctrl->F.read[1]) == 'a' || tolower (Ctrl->F.read[2]) == 'a'), "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:641:119: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 3 && (tolower (Ctrl->F.read[1]) == 'a' || tolower (Ctrl->F.read[2]) == 'a'), "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:642:83: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 4 && (tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[3]) == 'a'), "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:642:119: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 4 && (tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[3]) == 'a'), "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:642:155: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n_errors += gmt_M_check_condition (GMT, Ctrl->F.nread == 4 && (tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[2]) == 'a' || tolower (Ctrl->F.read[3]) == 'a'), "Option -F: Must list +a before +c, +f, +j for external API\n");
data/gmt-6.1.1+dfsg/src/pstext.c:824:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Ctrl->F.nread && tolower (Ctrl->F.read[0]) == 'a') a_col = 1; /* Must include the a col among the numerics */
data/gmt-6.1.1+dfsg/src/pstext.c:1016:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (Ctrl->F.read[k]) {
data/gmt-6.1.1+dfsg/src/pstext.c:1077:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cp_line, line, GMT_BUFSIZ); /* Make a copy because in_line may be pointer to a strdup-ed line that we cannot enlarge */
data/gmt-6.1.1+dfsg/src/pstext.c:1089:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (paragraph, "\r");
data/gmt-6.1.1+dfsg/src/pstext.c:1093:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_add = (int)strlen (line) + 1;
data/gmt-6.1.1+dfsg/src/pstext.c:1098:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (length) strcat (paragraph, " ");
data/gmt-6.1.1+dfsg/src/pstext.c:1119:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cp_line, line, GMT_BUFSIZ-1); /* Make a copy because in_line may be pointer to a strdup-ed line that we cannot enlarge */
data/gmt-6.1.1+dfsg/src/pstext.c:1143:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (Ctrl->F.read[k]) {
data/gmt-6.1.1+dfsg/src/pswiggle.c:404:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (unsigned int)strlen (opt->arg) - 1;
data/gmt-6.1.1+dfsg/src/psxy.c:339:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (tmp_file) - 4; /* Position of the '.' since we know extension is .def */
data/gmt-6.1.1+dfsg/src/psxy.c:615:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt_a, &text[j], GMT_LEN256);
data/gmt-6.1.1+dfsg/src/sample1d.c:299:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (string, "/");
data/gmt-6.1.1+dfsg/src/script2verbatim.c:86:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1_len = strlen(s1);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:89:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2_len = strlen(s2);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:117:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s3_len = strlen(s3);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:143:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(newstr) == newstr_len);
data/gmt-6.1.1+dfsg/src/script2verbatim.c:188:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (line);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:536:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (opt->arg[strlen(opt->arg)-1] == 'f') Ctrl->A.frame = true;
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:579:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, &opt->arg[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:584:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen (p)) {
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:653:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (opt->arg[strlen(opt->arg)-1] == 'u') {
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:655:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->arg[strlen(opt->arg)-1] = '\0';
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:780:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (opt->arg[strlen(opt->arg)-1] == 'u') {
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:782:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->arg[strlen(opt->arg)-1] = '\0';
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:797:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg) > 2 && gmt_getpen (GMT, &opt->arg[2], &Ctrl->T.pen)) { /* Set transparent attributes */
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:973:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (event_title, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/seis/pscoupe.c:979:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (event_title, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:271:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, opt->arg, GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:298:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, &opt->arg[1], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:303:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen (p)) {
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:448:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (opt->arg[strlen(opt->arg)-1] == 'u') {
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:450:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->arg[strlen(opt->arg)-1] = '\0';
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:464:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg) > 2 && gmt_getpen (GMT, &opt->arg[2], &Ctrl->T.pen)) { /* Set transparent attributes */
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:641:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (event_title, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/seis/psmeca.c:647:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (event_title, In->text, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:323:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (&opt->arg[1]) && gmt_getpen (GMT, &opt->arg[1], &Ctrl->E.pen)) {
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:330:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (&opt->arg[1]) && gmt_getpen (GMT, &opt->arg[1], &Ctrl->F.pen)) {
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:337:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (&opt->arg[1]) && gmt_getpen (GMT, &opt->arg[1], &Ctrl->G.pen)) {
data/gmt-6.1.1+dfsg/src/seis/pspolar.c:434:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg)) {
data/gmt-6.1.1+dfsg/src/seis/pssac.c:257:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Ctrl->E.keys, &opt->arg[0], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/seis/pssac.c:261:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Ctrl->F.keys, &opt->arg[0], GMT_LEN256-1);
data/gmt-6.1.1+dfsg/src/seis/pssac.c:332:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (opt->arg) - 1;
data/gmt-6.1.1+dfsg/src/sphtriangulate.c:689:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (header, ".");
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:268:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr(opt->arg, "+n") || opt->arg[strlen(opt->arg)-1] == '+') /* Gave number of points instead; calculate inc */
data/gmt-6.1.1+dfsg/src/spotter/grdrotater.c:705:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (gfile, Ctrl->G.file, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:825:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen (Ctrl->G.file); len > 0 && Ctrl->G.file[len] != '.'; len--);
data/gmt-6.1.1+dfsg/src/spotter/grdspotter.c:827:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (format, Ctrl->G.file, len); /* Should keep the prefix from a file called prefix.ext */
data/gmt-6.1.1+dfsg/src/spotter/originater.c:419:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (path, file, PATH_MAX);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:422:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (path, Ctrl->F.file, PATH_MAX);
data/gmt-6.1.1+dfsg/src/spotter/originater.c:423:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen (path);
data/gmt-6.1.1+dfsg/src/spotter/rotconverter.c:197:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (opt->arg) != 1) {
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:340:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (file) > GMT_LEN64) return (false); /* Cannot be two pairs of tags */
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:370:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (kk = 0; kk < strlen (arg); kk++) if (arg[kk] == '/') ns++;
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:426:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Plates, this_c, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/spotter/spotter.c:462:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Rotations, this_c, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/subplot.c:330:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Ctrl->A.format, opt->arg, GMT_LEN128);
data/gmt-6.1.1+dfsg/src/subplot.c:334:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (opt->arg); k++) { /* Decode the tag format */
data/gmt-6.1.1+dfsg/src/subplot.c:361:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (Ctrl->A.justify, Ctrl->A.placement, 2);
data/gmt-6.1.1+dfsg/src/subplot.c:917:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (report);
data/gmt-6.1.1+dfsg/src/subplot.c:919:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen (txt);
data/gmt-6.1.1+dfsg/src/subplot.c:931:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (report);
data/gmt-6.1.1+dfsg/src/subplot.c:933:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen (txt);
data/gmt-6.1.1+dfsg/src/surface.c:1325:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface.c:1327:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface.c:1794:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->S.unit = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/surface.c:1808:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1616:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:1618:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2118:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->S.unit = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/surface_experimental.c:2132:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/surface_old.c:1361:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_old.c:1363:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (region, buffer); strcat (region, "/");
data/gmt-6.1.1+dfsg/src/surface_old.c:1674:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Ctrl->S.unit = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/surface_old.c:1688:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modifier = opt->arg[strlen(opt->arg)-1];
data/gmt-6.1.1+dfsg/src/testgmtshell.c:53:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = '\0'; /* Chop off newline */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:172:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mgg_path[n_mgg_paths] = gmt_M_memory (GMT, NULL, strlen (line), char);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:173:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen (line)-1] = 0;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:241:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
X2SYS_HOME = gmt_M_memory (GMT, NULL, strlen (this) + 1, char);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:490:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->fflags, string, GMT_BUFSIZ-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:491:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (line, string, GMT_BUFSIZ-1); /* Make copy for later use */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:572:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, &line[s->info[j].start_col], s->info[j].n_cols);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:663:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, fname, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:665:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:712:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p->name, &file[start], 31U);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:735:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, fname, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:737:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:749:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, &file[first], 81U);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:750:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr (&file[first], ".gmt")) name[strlen(&file[first])-4] = 0; /* Name includes .gmt suffix, remove it */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:840:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, fname, GMT_LEN32-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:842:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:882:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p->name, &file[first], 31U);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:917:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:942:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p->name, &file[first], 31U);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:968:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (file, fname, GMT_LEN64-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:970:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strstr (file, s->suffix) == NULL) {strcat (file, "."); strcat (file, s->suffix); } /* Must have suffix to download */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:974:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "?"); /* Set all the required fields */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:976:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i) strcat (path, "/");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1002:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (p->name, &file[first], 63U);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1175:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sfile, &p[2], PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1178:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (suffix, &p[2], 15);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1312:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->suffix, suffix, 16);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1314:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->suffix, sfile, 16);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1568:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x2sys_datadir[n_x2sys_paths] = gmt_M_memory (GMT, NULL, strlen (line)+1, char);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1581:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x2sys_datadir[n_x2sys_paths] = gmt_M_memory (GMT, NULL, strlen (GMT->session.CACHEDIR)+1, char);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1606:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L_track = strlen(track); L_suffix = (suffix) ? strlen(suffix) : 0;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1606:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
L_track = strlen(track); L_suffix = (suffix) ? strlen(suffix) : 0;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1627:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (geo_path, track, PATH_MAX-1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1728:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (txt[strlen(txt)-1] == '1') two_values = true; /* Option -2 was used */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1731:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen (ptr) - 1;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1734:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (txt, ptr, i);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1778:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (trk[0]); k++) if (trk[0][k] == '.') trk[0][k] = '\0';
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:1779:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen (trk[1]); k++) if (trk[1][k] == '.') trk[1][k] = '\0';
data/gmt-6.1.1+dfsg/src/x2sys/x2sys.c:2036:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ctable || !strlen(ctable)) { /* Try default correction table */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_cross.c:187:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(opt->arg))
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:447:72: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(((Ctrl->G.active) ? B.head[kk].flag : in_bin_flag[kk]) & bit) ? strcat (line, "Y") : strcat (line, "N");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_get.c:447:93: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(((Ctrl->G.active) ? B.head[kk].flag : in_bin_flag[kk]) & bit) ? strcat (line, "Y") : strcat (line, "N");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_init.c:325:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (d_start = (int)strlen (Ctrl->D.file)-1; d_start >= 0 && Ctrl->D.file[d_start] != '/'; d_start--); /* Find pos of last slash */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:286:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; Ctrl->F.flags && i < strlen (Ctrl->F.flags); i++) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:340:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = j = 0; i < strlen (Ctrl->F.flags); i++) {
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:416:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_items = strlen (Ctrl->F.flags);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:574:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, "t");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:581:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (record, "T");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:594:49: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(s->geographic) ? strcat (record, "lon") : strcat (record, "x");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_list.c:597:49: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(s->geographic) ? strcat (record, "lat") : strcat (record, "y");
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:188:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pairs_base[n_base], &line[2], 19);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_merge.c:211:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pairs_merge[n_merge], &line[2], 19);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_put.c:241:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (&line[k], Ctrl->T.TAG, strlen(Ctrl->T.TAG))) { /* Hard check to see if the TAG matches what we says it should be */
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:377:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = GMT_BUFSIZ - strlen (record) - 1;
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:379:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (record, " [stdin]", len);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:383:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat (record, " ", len);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:386:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (record, opt->arg, len);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:387:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen (opt->arg);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:391:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (record, word, len);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_report.c:392:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen (word);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:827:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = MAX(max_len, (int)strlen(trk_list[p])+1);
data/gmt-6.1.1+dfsg/src/x2sys/x2sys_solve.c:833:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (line, "\t");
ANALYSIS SUMMARY:
Hits = 7829
Lines analyzed = 319407 in approximately 14.76 seconds (21645 lines/second)
Physical Source Lines of Code (SLOC) = 249021
Hits@level = [0] 2082 [1] 1816 [2] 3529 [3] 48 [4] 2393 [5] 43
Hits@level+ = [0+] 9911 [1+] 7829 [2+] 6013 [3+] 2484 [4+] 2436 [5+] 43
Hits/KSLOC@level+ = [0+] 39.7999 [1+] 31.4391 [2+] 24.1466 [3+] 9.97506 [4+] 9.78231 [5+] 0.172676
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.