Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hepmc3-3.1.2/examples/BasicExamples/HepMC2_reader_example.cc
Examining data/hepmc3-3.1.2/examples/BasicExamples/HepMC3_fileIO_example.cc
Examining data/hepmc3-3.1.2/examples/BasicExamples/basic_tree.cc
Examining data/hepmc3-3.1.2/examples/BasicExamples/hepevt_wrapper_example_main.cc
Examining data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c
Examining data/hepmc3-3.1.2/examples/ConvertExample/cmdline.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/convert_example.cc
Examining data/hepmc3-3.1.2/examples/ConvertExample/include/ReaderGZ.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/include/WriterDOT.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/include/WriterHEPEVTZEUS.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/include/WriterRootTreeOPAL.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h
Examining data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc
Examining data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc
Examining data/hepmc3-3.1.2/examples/ConvertExample/src/WriterRootTreeOPAL.cc
Examining data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C
Examining data/hepmc3-3.1.2/examples/LHEFExample/LHEF_example_cat.cc
Examining data/hepmc3-3.1.2/examples/Pythia8Example/pythia8_example.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample/rootIO_example_read.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample/rootIO_example_write.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample2/class_example_read.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample2/class_example_write.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample2/include/LinkDef.h
Examining data/hepmc3-3.1.2/examples/RootIOExample2/include/MyClass.h
Examining data/hepmc3-3.1.2/examples/RootIOExample2/include/MyRunClass.h
Examining data/hepmc3-3.1.2/examples/RootIOExample2/include/myclass_Classes.h
Examining data/hepmc3-3.1.2/examples/RootIOExample2/src/MyClass.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample2/src/MyRunClass.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample3/rootIOTree_example_read.cc
Examining data/hepmc3-3.1.2/examples/RootIOExample3/rootIOTree_example_write.cc
Examining data/hepmc3-3.1.2/examples/ViewerExample/include/HepMC3ViewerFrame.h
Examining data/hepmc3-3.1.2/examples/ViewerExample/include/LinkDef.h
Examining data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc
Examining data/hepmc3-3.1.2/examples/ViewerExample/src/main.cc
Examining data/hepmc3-3.1.2/include/HepMC3/AssociatedParticle.h
Examining data/hepmc3-3.1.2/include/HepMC3/Attribute.h
Examining data/hepmc3-3.1.2/include/HepMC3/Data/GenEventData.h
Examining data/hepmc3-3.1.2/include/HepMC3/Data/GenParticleData.h
Examining data/hepmc3-3.1.2/include/HepMC3/Data/GenRunInfoData.h
Examining data/hepmc3-3.1.2/include/HepMC3/Data/GenVertexData.h
Examining data/hepmc3-3.1.2/include/HepMC3/Errors.h
Examining data/hepmc3-3.1.2/include/HepMC3/FourVector.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenCrossSection.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenCrossSection_fwd.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenEvent.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenHeavyIon.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenHeavyIon_fwd.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenParticle.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenParticle_fwd.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenPdfInfo.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenPdfInfo_fwd.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenRunInfo.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenVertex.h
Examining data/hepmc3-3.1.2/include/HepMC3/GenVertex_fwd.h
Examining data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h
Examining data/hepmc3-3.1.2/include/HepMC3/HepMC3.h
Examining data/hepmc3-3.1.2/include/HepMC3/LHEF.h
Examining data/hepmc3-3.1.2/include/HepMC3/LHEFAttributes.h
Examining data/hepmc3-3.1.2/include/HepMC3/Print.h
Examining data/hepmc3-3.1.2/include/HepMC3/PrintStreams.h
Examining data/hepmc3-3.1.2/include/HepMC3/Reader.h
Examining data/hepmc3-3.1.2/include/HepMC3/ReaderAscii.h
Examining data/hepmc3-3.1.2/include/HepMC3/ReaderAsciiHepMC2.h
Examining data/hepmc3-3.1.2/include/HepMC3/ReaderFactory.h
Examining data/hepmc3-3.1.2/include/HepMC3/ReaderHEPEVT.h
Examining data/hepmc3-3.1.2/include/HepMC3/ReaderLHEF.h
Examining data/hepmc3-3.1.2/include/HepMC3/Setup.h
Examining data/hepmc3-3.1.2/include/HepMC3/Units.h
Examining data/hepmc3-3.1.2/include/HepMC3/Version.h
Examining data/hepmc3-3.1.2/include/HepMC3/Writer.h
Examining data/hepmc3-3.1.2/include/HepMC3/WriterAscii.h
Examining data/hepmc3-3.1.2/include/HepMC3/WriterAsciiHepMC2.h
Examining data/hepmc3-3.1.2/include/HepMC3/WriterHEPEVT.h
Examining data/hepmc3-3.1.2/interfaces/Photospp/include/Photos/PhotosHepMC3Event.h
Examining data/hepmc3-3.1.2/interfaces/Photospp/include/Photos/PhotosHepMC3Particle.h
Examining data/hepmc3-3.1.2/interfaces/Photospp/src/PhotosHepMC3Event.cc
Examining data/hepmc3-3.1.2/interfaces/Photospp/src/PhotosHepMC3Particle.cc
Examining data/hepmc3-3.1.2/interfaces/Tauolapp/include/Tauola/TauolaHepMC3Event.h
Examining data/hepmc3-3.1.2/interfaces/Tauolapp/include/Tauola/TauolaHepMC3Particle.h
Examining data/hepmc3-3.1.2/interfaces/Tauolapp/src/TauolaHepMC3Event.cxx
Examining data/hepmc3-3.1.2/interfaces/Tauolapp/src/TauolaHepMC3Particle.cxx
Examining data/hepmc3-3.1.2/interfaces/mc-tester/include/HepMC3Event.h
Examining data/hepmc3-3.1.2/interfaces/mc-tester/include/HepMC3Particle.h
Examining data/hepmc3-3.1.2/interfaces/mc-tester/src/HepMC3Event.cxx
Examining data/hepmc3-3.1.2/interfaces/mc-tester/src/HepMC3Particle.cxx
Examining data/hepmc3-3.1.2/interfaces/pythia6/include/Pythia6/Pythia6ToHepMC3.cc
Examining data/hepmc3-3.1.2/interfaces/pythia8/include/Pythia8/Pythia8ToHepMC3.h
Examining data/hepmc3-3.1.2/rootIO/include/HepMC3/ReaderRoot.h
Examining data/hepmc3-3.1.2/rootIO/include/HepMC3/ReaderRootTree.h
Examining data/hepmc3-3.1.2/rootIO/include/HepMC3/WriterRoot.h
Examining data/hepmc3-3.1.2/rootIO/include/HepMC3/WriterRootTree.h
Examining data/hepmc3-3.1.2/rootIO/src/ReaderRoot.cc
Examining data/hepmc3-3.1.2/rootIO/src/ReaderRootTree.cc
Examining data/hepmc3-3.1.2/rootIO/src/Streamers.cc
Examining data/hepmc3-3.1.2/rootIO/src/WriterRoot.cc
Examining data/hepmc3-3.1.2/rootIO/src/WriterRootTree.cc
Examining data/hepmc3-3.1.2/search/include/HepMC3/AttributeFeature.h
Examining data/hepmc3-3.1.2/search/include/HepMC3/Feature.h
Examining data/hepmc3-3.1.2/search/include/HepMC3/Filter.h
Examining data/hepmc3-3.1.2/search/include/HepMC3/FilterAttribute.h
Examining data/hepmc3-3.1.2/search/include/HepMC3/Relatives.h
Examining data/hepmc3-3.1.2/search/include/HepMC3/Selector.h
Examining data/hepmc3-3.1.2/search/src/Relatives.cc
Examining data/hepmc3-3.1.2/search/src/Selector.cc
Examining data/hepmc3-3.1.2/src/GenCrossSection.cc
Examining data/hepmc3-3.1.2/src/GenEvent.cc
Examining data/hepmc3-3.1.2/src/GenHeavyIon.cc
Examining data/hepmc3-3.1.2/src/GenParticle.cc
Examining data/hepmc3-3.1.2/src/GenPdfInfo.cc
Examining data/hepmc3-3.1.2/src/GenRunInfo.cc
Examining data/hepmc3-3.1.2/src/GenVertex.cc
Examining data/hepmc3-3.1.2/src/HEPEVT_Wrapper.cc
Examining data/hepmc3-3.1.2/src/LHEFAttributes.cc
Examining data/hepmc3-3.1.2/src/Print.cc
Examining data/hepmc3-3.1.2/src/ReaderAscii.cc
Examining data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc
Examining data/hepmc3-3.1.2/src/ReaderHEPEVT.cc
Examining data/hepmc3-3.1.2/src/ReaderLHEF.cc
Examining data/hepmc3-3.1.2/src/Setup.cc
Examining data/hepmc3-3.1.2/src/WriterAscii.cc
Examining data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc
Examining data/hepmc3-3.1.2/src/WriterHEPEVT.cc
Examining data/hepmc3-3.1.2/test/HepMC3TestUtils.h
Examining data/hepmc3-3.1.2/test/IsGoodEvent.h
Examining data/hepmc3-3.1.2/test/McTesterValidationTool.cc
Examining data/hepmc3-3.1.2/test/McTesterValidationTool.h
Examining data/hepmc3-3.1.2/test/PhotosValidationTool.cc
Examining data/hepmc3-3.1.2/test/PhotosValidationTool.h
Examining data/hepmc3-3.1.2/test/PythiaValidationTool.cc
Examining data/hepmc3-3.1.2/test/PythiaValidationTool.h
Examining data/hepmc3-3.1.2/test/SimpleEventTool.cc
Examining data/hepmc3-3.1.2/test/SimpleEventTool.h
Examining data/hepmc3-3.1.2/test/TauolaValidationTool.cc
Examining data/hepmc3-3.1.2/test/TauolaValidationTool.h
Examining data/hepmc3-3.1.2/test/Timer.h
Examining data/hepmc3-3.1.2/test/ValidationControl.cc
Examining data/hepmc3-3.1.2/test/ValidationControl.h
Examining data/hepmc3-3.1.2/test/ValidationTool.h
Examining data/hepmc3-3.1.2/test/testBoost.cc
Examining data/hepmc3-3.1.2/test/testDelete.cc
Examining data/hepmc3-3.1.2/test/testDelete2.cc
Examining data/hepmc3-3.1.2/test/testIO1.cc
Examining data/hepmc3-3.1.2/test/testIO2.cc
Examining data/hepmc3-3.1.2/test/testIO3.cc
Examining data/hepmc3-3.1.2/test/testIO4.cc
Examining data/hepmc3-3.1.2/test/testIO5.cc
Examining data/hepmc3-3.1.2/test/testIO6.cc
Examining data/hepmc3-3.1.2/test/testLoops.cc
Examining data/hepmc3-3.1.2/test/testMCTester1.cc
Examining data/hepmc3-3.1.2/test/testMass.cc
Examining data/hepmc3-3.1.2/test/testMultipleCopies.cc
Examining data/hepmc3-3.1.2/test/testPhotos1.cc
Examining data/hepmc3-3.1.2/test/testPolarization.cc
Examining data/hepmc3-3.1.2/test/testPrintBug.cc
Examining data/hepmc3-3.1.2/test/testPythia1.cc
Examining data/hepmc3-3.1.2/test/testPythia2.cc
Examining data/hepmc3-3.1.2/test/testReaderFactory1.cc
Examining data/hepmc3-3.1.2/test/testReaderFactory2.cc
Examining data/hepmc3-3.1.2/test/testTauola1.cc
Examining data/hepmc3-3.1.2/test/testThreads1.cc
Examining data/hepmc3-3.1.2/test/testUnits.cc
Examining data/hepmc3-3.1.2/test/testWeights.cc

FINAL RESULTS:

data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:401:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, s);

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:22:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  cursor +=sprintf(cursor, "%-52s% 19.11E% 19.11E% 19.11E% 19.11E% 19.11E\n"," ",HEPEVT_Wrapper::x(index),HEPEVT_Wrapper::y(index),HEPEVT_Wrapper::z(index),HEPEVT_Wrapper::t(index),0.0);

data/hepmc3-3.1.2/src/WriterAscii.cc:107:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  m_cursor += sprintf(m_cursor, "U %s %s\n", Units::name(evt.momentum_unit()).c_str(), Units::name(evt.length_unit()).c_str());

data/hepmc3-3.1.2/src/WriterAscii.cc:131:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_cursor, "A %i %s ",vt2.first,vt1.first.c_str());

data/hepmc3-3.1.2/src/WriterAscii.cc:302:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_cursor, "A %s ", att.first.c_str());

data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:153:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  m_cursor += sprintf(m_cursor, " \"%s\"",names[q].c_str());

data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:160:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  m_cursor += sprintf(m_cursor, "U %s %s\n", Units::name(evt.momentum_unit()).c_str(), Units::name(evt.length_unit()).c_str());

data/hepmc3-3.1.2/src/WriterHEPEVT.cc:42:18:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  cursor +=sprintf(cursor, "%-48s% 19.8E% 19.8E% 19.8E% 19.8E\n"," ",HEPEVT_Wrapper::x(index),HEPEVT_Wrapper::y(index),HEPEVT_Wrapper::z(index),HEPEVT_Wrapper::t(index));

data/hepmc3-3.1.2/examples/BasicExamples/HepMC2_reader_example.cc:37:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( argc >= 4 ) events_limit = atoi(argv[3]);

data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:370:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen(filename, "w");

data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:1444:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*((char ***)field))[i + field_given] = tmp->arg.string_arg; break;

data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:1464:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*((char ***)field))[0] = gengetopt_strdup(default_value->string_arg);

data/hepmc3-3.1.2/examples/ConvertExample/convert_example.cc:165:107:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (options.find("Run")!=options.end()) ((WriterRootTreeOPAL*)(output_file))->set_run_number(std::atoi(options.at("Run").c_str()));

data/hepmc3-3.1.2/examples/ConvertExample/convert_example.cc:183:94:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (options.find("Style")!=options.end()) ((WriterDOT*)(output_file))->set_style(std::atoi(options.at("Style").c_str()));

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[bufferSize]; // data buffer

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:65:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzstreambuf* open( const char* name, int open_mode);

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:81:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open( const char* name, int open_mode);

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:98:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open( const char* name, int open_mode = std::ios::in) {

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:99:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzstreambase::open( name, open_mode);

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:109:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open( const char* name, int open_mode = std::ios::out) {

data/hepmc3-3.1.2/examples/ConvertExample/include/gzstream.h:110:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzstreambase::open( name, open_mode);

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:51:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "digraph graphname%d {\n",evt.event_number());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:52:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v0[label=\"Machine\"];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:58:49:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (v->status()==2) m_cursor += sprintf(m_cursor, "node [color=\"green\"];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:59:35:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor += sprintf(m_cursor, "node [color=\"black\"];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:62:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=ellipse];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:63:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d[label=\"%d\"];\n", -v->id(),v->id());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:68:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=point];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:69:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v0 -> v%d [label=\"%d(%d)\"];\n", -p->end_vertex()->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:79:88:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (is_parton(std::abs(p->pid()))&&p->status()!=1) m_cursor += sprintf(m_cursor, "edge [color=\"red\"];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:80:48:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor +=sprintf(m_cursor, "edge [color=\"black\"];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:85:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=point];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:86:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d -> o%d [label=\"%d(%d)\"];\n", -v->id(),p->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:90:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=ellipse];\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:91:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d -> v%d [label=\"%d(%d)\"];\n", -v->id(),-p->end_vertex()->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:96:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "labelloc=\"t\";\nlabel=\"Event %d; Vertices %lu; Particles %lu;\";\n", evt.event_number(), evt.vertices().size(), evt.particles().size());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterDOT.cc:97:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"}\n\n");

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:8:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];//Note: the format is fixed, so no reason for complicatied tratment

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:10:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor," E % 12i% 12i% 12i\n",HEPEVT_Wrapper::event_number(),0,HEPEVT_Wrapper::number_entries());

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:16:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];//Note: the format is fixed, so no reason for complicatied tratment

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:18:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 12i% 8i",HEPEVT_Wrapper::status(index), HEPEVT_Wrapper::id(index));

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:19:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 8i% 8i",HEPEVT_Wrapper::first_parent(index),HEPEVT_Wrapper::last_parent(index));

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:20:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 8i% 8i",HEPEVT_Wrapper::first_child(index),HEPEVT_Wrapper::last_child(index));

data/hepmc3-3.1.2/examples/ConvertExample/src/WriterHEPEVTZEUS.cc:21:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor, "% 19.11E% 19.11E% 19.11E% 19.11E% 19.11E\n",HEPEVT_Wrapper::px(index),HEPEVT_Wrapper::py(index),HEPEVT_Wrapper::pz(index),HEPEVT_Wrapper::e(index),HEPEVT_Wrapper::m(index));

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:45:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzstreambuf* gzstreambuf::open( const char* name, int open_mode) {

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmode[10];

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( buffer + (4 - n_putback), gptr() - n_putback, n_putback);

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:142:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open( name, mode);

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:149:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void gzstreambase::open( const char* name, int open_mode) {

data/hepmc3-3.1.2/examples/ConvertExample/src/gzstream.C:150:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ! buf.open( name, open_mode))

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:55:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "digraph graphname%d {\n",evt.event_number());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:56:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v0[label=\"Machine\"];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:63:49:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (v->status()==2) m_cursor += sprintf(m_cursor, "node [color=\"green\"];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:64:35:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor += sprintf(m_cursor, "node [color=\"black\"];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:87:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=rectangle];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:88:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d [label=\"%d\nd=%4.2f\"];\n", -v->id(),v->id(),energyviolation);

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:92:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=ellipse];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:93:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d[label=\"%d\"];\n", -v->id(),v->id());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:96:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=ellipse];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:101:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=point];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:102:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v0 -> v%d [label=\"%d(%d)\"];\n", -p->end_vertex()->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:115:76:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (show_as_parton(p)&&p->status()!=1) m_cursor += sprintf(m_cursor, "edge [color=\"red\"];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:116:48:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor +=sprintf(m_cursor, "edge [color=\"black\"];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:121:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "node [shape=point];\n");

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:122:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d -> o%d [label=\"%d(%d)\"];\n", -v->id(),p->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:126:33:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "v%d -> v%d [label=\"%d(%d)\"];\n", -v->id(),-p->end_vertex()->id(),p->id(),p->pid());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:130:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "labelloc=\"t\";\nlabel=\"Event %d; Vertices %lu; Particles %lu;\";\n", evt.event_number(), evt.vertices().size(), evt.particles().size());

data/hepmc3-3.1.2/examples/ViewerExample/src/HepMC3ViewerFrame.cc:131:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"}\n\n");

data/hepmc3-3.1.2/include/HepMC3/Attribute.h:169:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_val = atoi( att.c_str() );

data/hepmc3-3.1.2/include/HepMC3/Attribute.h:210:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_val = atol( att.c_str() );

data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];

data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h:161:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%5i %6i",index,hepevtptr->idhep[index-1]);

data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h:163:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%4i - %4i ",hepevtptr->jmohep[index-1][0],hepevtptr->jmohep[index-1][1]);

data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h:165:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%4i - %4i ",hepevtptr->jdahep[index-1][0],hepevtptr->jdahep[index-1][1]);

data/hepmc3-3.1.2/include/HepMC3/HEPEVT_Wrapper.h:168:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%8.2f %8.2f %8.2f %8.2f %8.2f",hepevtptr->phep[index-1][0],hepevtptr->phep[index-1][1],hepevtptr->phep[index-1][2],hepevtptr->phep[index-1][3],hepevtptr->phep[index-1][4]);

data/hepmc3-3.1.2/include/HepMC3/LHEF.h:166:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = std::atoi(it->second.c_str());

data/hepmc3-3.1.2/include/HepMC3/LHEF.h:177:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = int(std::atoi(it->second.c_str()));

data/hepmc3-3.1.2/include/HepMC3/LHEF.h:399:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v = std::atoi(it->second.c_str());

data/hepmc3-3.1.2/include/HepMC3/LHEF.h:413:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
v = int(std::atoi(it->second.c_str())); data/hepmc3-3.1.2/include/HepMC3/LHEF.h:2937:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). efile.open(fname.c_str()); data/hepmc3-3.1.2/include/HepMC3/LHEF.h:3175:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). efile.open(fname.c_str()); data/hepmc3-3.1.2/rootIO/src/WriterRoot.cc:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16] = ""; data/hepmc3-3.1.2/rootIO/src/WriterRoot.cc:49:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%15i",++m_events_count); data/hepmc3-3.1.2/src/GenCrossSection.cc:54:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accepted_events = atoi(cursor); data/hepmc3-3.1.2/src/GenCrossSection.cc:56:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else attempted_events = atoi(cursor); data/hepmc3-3.1.2/src/GenPdfInfo.cc:21:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parton_id[0] = atoi(cursor); data/hepmc3-3.1.2/src/GenPdfInfo.cc:24:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parton_id[1] = atoi(cursor); data/hepmc3-3.1.2/src/GenPdfInfo.cc:42:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pdf_id[0] = atoi(cursor); data/hepmc3-3.1.2/src/GenPdfInfo.cc:45:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pdf_id[1] = atoi(cursor); data/hepmc3-3.1.2/src/GenPdfInfo.cc:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[255]; data/hepmc3-3.1.2/src/GenPdfInfo.cc:53:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%i %i %.8e %.8e %.8e %.8e %.8e %i %i", data/hepmc3-3.1.2/src/ReaderAscii.cc:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[max_buffer_size]; data/hepmc3-3.1.2/src/ReaderAscii.cc:199:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). event_no = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:204:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret.first = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:208:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret.second = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:285:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:289:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_status( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAscii.cc:297:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int particle_in = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:356:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( atoi(cursor) != (int)evt.particles().size() + 1 ) { data/hepmc3-3.1.2/src/ReaderAscii.cc:364:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mother_id = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:400:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_pid( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAscii.cc:425:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_status( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAscii.cc:438:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/hepmc3-3.1.2/src/ReaderAscii.cc:442:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:448:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"%.*s", (int)(cursor2-cursor), cursor); data/hepmc3-3.1.2/src/ReaderAscii.cc:463:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/hepmc3-3.1.2/src/ReaderAscii.cc:469:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name,"%.*s", (int)(cursor2-cursor), cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[max_buffer_size]; data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:261:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). event_no = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:266:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shared_ptr<IntAttribute> mpi = make_shared<IntAttribute>(atoi(cursor)); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:286:76: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shared_ptr<IntAttribute> signal_process_id = make_shared<IntAttribute>(atoi(cursor)); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:291:80: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shared_ptr<IntAttribute> signal_process_vertex = make_shared<IntAttribute>(atoi(cursor)); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:296:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vertices_count = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:306:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). random_states_size = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:311:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). random_states[i] = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:319:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). weights_size = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:365:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). barcode = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:369:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_status( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:393:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_particles_out = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:398:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). weights_size = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:435:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_pid( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:460:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->set_status( atoi(cursor) ); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:474:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_vtx = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:478:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int flowsize=atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:483:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int flowindex=atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:485:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int flowvalue=atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:533:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). w_count = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:562:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Ncoll_hard = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:565:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Npart_proj = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:568:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Npart_targ = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:571:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Ncoll = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:574:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->spectator_neutrons = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:577:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->spectator_protons = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:580:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->N_Nwounded_collisions = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:583:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Nwounded_N_collisions = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:586:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi->Nwounded_Nwounded_collisions = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:613:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pi->parton_id[0] = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:616:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pi->parton_id[1] = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:636:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(pdfids) pi->pdf_id[0] = atoi(cursor); data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:640:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(pdfids) pi->pdf_id[1] = atoi(cursor); data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_e[max_e_buffer_size]; data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_p[max_p_buffer_size]; data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_v[max_v_buffer_size]; data/hepmc3-3.1.2/src/WriterAscii.cc:87:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. m_cursor += sprintf(m_cursor, "E %d %lu %lu", evt.event_number(), evt.vertices().size(), evt.particles().size()); data/hepmc3-3.1.2/src/WriterAscii.cc:93:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. m_cursor += sprintf(m_cursor," @ %.*e",m_precision,pos.x()); data/hepmc3-3.1.2/src/WriterAscii.cc:95:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.y()); data/hepmc3-3.1.2/src/WriterAscii.cc:97:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.z()); data/hepmc3-3.1.2/src/WriterAscii.cc:99:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.t());
data/hepmc3-3.1.2/src/WriterAscii.cc:114:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " %.*e",std::min(3*m_precision,22), w);
data/hepmc3-3.1.2/src/WriterAscii.cc:210:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf( m_cursor, "V %i %i [",v->id(),v->status() );
data/hepmc3-3.1.2/src/WriterAscii.cc:221:26: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"%i", pid);
data/hepmc3-3.1.2/src/WriterAscii.cc:224:26: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor += sprintf(m_cursor,",%i",pid);
data/hepmc3-3.1.2/src/WriterAscii.cc:231:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"] @ %.*e",m_precision,pos.x());
data/hepmc3-3.1.2/src/WriterAscii.cc:233:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.y());
data/hepmc3-3.1.2/src/WriterAscii.cc:235:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.z());
data/hepmc3-3.1.2/src/WriterAscii.cc:237:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e\n", m_precision,pos.t());
data/hepmc3-3.1.2/src/WriterAscii.cc:241:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"]\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:280:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "W ");
data/hepmc3-3.1.2/src/WriterAscii.cc:313:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"P %i",p->id());
data/hepmc3-3.1.2/src/WriterAscii.cc:316:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", second_field);
data/hepmc3-3.1.2/src/WriterAscii.cc:318:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", p->pid() );
data/hepmc3-3.1.2/src/WriterAscii.cc:320:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().px() );
data/hepmc3-3.1.2/src/WriterAscii.cc:322:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().py());
data/hepmc3-3.1.2/src/WriterAscii.cc:324:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().pz() );
data/hepmc3-3.1.2/src/WriterAscii.cc:326:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().e() );
data/hepmc3-3.1.2/src/WriterAscii.cc:328:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->generated_mass() );
data/hepmc3-3.1.2/src/WriterAscii.cc:330:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i\n", p->status() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:121:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "E %d %d %e %e %e %d %d %lu %i %i",
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:134:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " %zu",m_random_states.size());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:137:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " %ii",(int)q);
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:142:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " %lu",evt.weights().size());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:144:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " %.*e",m_precision, w);
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:148:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, "N %lu",evt.weights().size());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:155:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor, " \"%i\"",(int)q);
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:163:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(cs) {m_cursor += sprintf(m_cursor, "C %.*e %.*e\n",m_precision, cs->xsec(),m_precision,cs->xsec_err()); flush(); }
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:184:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(m_cursor, "F ");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:270:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf( m_cursor, "V %i %i",v->id(),v->status() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:284:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," 0 0 0 0");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:288:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e",m_precision,pos.x());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:290:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.y());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:292:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.z());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:294:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,pos.t());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:297:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i %lu %lu",orph,v->particles_out().size(),weights.size());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:299:57: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  for (size_t i=0; i<weights.size(); i++) m_cursor += sprintf(m_cursor," %.*e", m_precision,weights[i]);
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:332:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor,"P %i",int(10001+m_particle_counter));
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:335:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", p->pid() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:337:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().px() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:339:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().py());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:341:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().pz() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:343:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->momentum().e() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:345:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %.*e", m_precision,p->generated_mass() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:347:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", p->status() );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:356:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (A_theta) m_cursor += sprintf(m_cursor," %.*e", m_precision, A_theta->value());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:357:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor += sprintf(m_cursor," 0");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:359:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (A_phi) m_cursor += sprintf(m_cursor," %.*e", m_precision, A_phi->value());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:360:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else m_cursor += sprintf(m_cursor," 0");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:362:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", ev );
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:370:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  m_cursor += sprintf(m_cursor," %i", flowsize);
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:371:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (A_flow1) m_cursor += sprintf(m_cursor," 1 %i", A_flow1->value());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:372:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (A_flow2) m_cursor += sprintf(m_cursor," 2 %i", A_flow2->value());
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];//Note: the format is fixed, so no reason for complicatied tratment
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:36:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor, "% 8i% 8i",HEPEVT_Wrapper::status(index), HEPEVT_Wrapper::id(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:39:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 8i% 8i",HEPEVT_Wrapper::first_parent(index),HEPEVT_Wrapper::last_parent(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:40:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 8i% 8i",HEPEVT_Wrapper::first_child(index),HEPEVT_Wrapper::last_child(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:41:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"% 19.8E% 19.8E% 19.8E% 19.8E% 19.8E\n",HEPEVT_Wrapper::px(index),HEPEVT_Wrapper::py(index),HEPEVT_Wrapper::pz(index),HEPEVT_Wrapper::e(index),HEPEVT_Wrapper::m(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:46:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor, "% 8i% 8i",HEPEVT_Wrapper::first_child(index),HEPEVT_Wrapper::last_child(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:47:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor, "% 19.8E% 19.8E% 19.8E% 19.8E\n",HEPEVT_Wrapper::px(index),HEPEVT_Wrapper::py(index),HEPEVT_Wrapper::pz(index),HEPEVT_Wrapper::m(index));
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];//Note: the format is fixed, so no reason for complicatied tratment
data/hepmc3-3.1.2/src/WriterHEPEVT.cc:57:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cursor +=sprintf(cursor,"E% 8i %8i\n",HEPEVT_Wrapper::event_number(),HEPEVT_Wrapper::number_entries());
data/hepmc3-3.1.2/test/HepMC3TestUtils.h:11:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string1[16*256], string2[16*256];
data/hepmc3-3.1.2/test/ValidationControl.cc:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/hepmc3-3.1.2/test/ValidationControl.cc:145:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else events = atoi(buf);
data/hepmc3-3.1.2/test/ValidationControl.cc:154:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else events = atoi(buf);
data/hepmc3-3.1.2/test/testIO5.cc:20:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  isrA.open("inputI05.hepmc",std::ios::in );
data/hepmc3-3.1.2/test/testIO5.cc:25:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  osrA.open("frominputI05.hepmc",std::ios::out);
data/hepmc3-3.1.2/test/testIO5.cc:44:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  isrB.open("frominputI05.hepmc",ios_base::in );
data/hepmc3-3.1.2/test/testIO5.cc:49:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  osrB.open ("fromfrominputI05.hepmc",ios_base::out );
data/hepmc3-3.1.2/test/testMCTester1.cc:11:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Finput=fopen("testMCTester1.input","w");
data/hepmc3-3.1.2/test/testMCTester1.cc:42:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Fconfig=fopen("testMCTester1.config","w");
data/hepmc3-3.1.2/test/testPhotos1.cc:11:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Finput=fopen("testPhotos1.input","w");
data/hepmc3-3.1.2/test/testPhotos1.cc:42:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Fconfig=fopen("testPhotos1.config","w");
data/hepmc3-3.1.2/test/testPythia1.cc:11:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Finput=fopen("testPythia1.input","w");
data/hepmc3-3.1.2/test/testPythia1.cc:41:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Fconfig=fopen("testPythia1.config","w");
data/hepmc3-3.1.2/test/testPythia2.cc:11:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Finput=fopen("testPythia2.input","w");
data/hepmc3-3.1.2/test/testPythia2.cc:41:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* Fconfig=fopen("testPythia2.config","w");
data/hepmc3-3.1.2/test/testTauola1.cc:11:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* F=fopen("testTauola1.config","w");
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:126:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(CMDLINE_PARSER_PACKAGE_NAME) ? CMDLINE_PARSER_PACKAGE_NAME : CMDLINE_PARSER_PACKAGE),
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:129:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_versiontext) > 0)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:136:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_purpose) > 0)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:139:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_usage) > 0)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:144:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_description) > 0)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:288:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, len = strlen(val); values[i]; ++i)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:294:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(values[i]) == len)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:398:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = (char*)malloc(strlen(s) + 1);
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:434:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (arg) + 1;
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:479:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (! tok || strlen(tok) == 1)
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:938:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  == (unsigned int) strlen(p->name)) {
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:960:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d->nextchar += strlen(d->nextchar);
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:984:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d->nextchar += strlen(d->nextchar);
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:998:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d->nextchar += strlen(d->nextchar);
data/hepmc3-3.1.2/examples/ConvertExample/cmdline.c:1003:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  d->nextchar += strlen(d->nextchar);
data/hepmc3-3.1.2/examples/ConvertExample/include/ReaderGZ.h:46:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char *) file_magic.bytes, sizeof(file_magic));
data/hepmc3-3.1.2/src/ReaderAscii.cc:68:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf) == 0 ) continue;
data/hepmc3-3.1.2/src/ReaderAsciiHepMC2.cc:76:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf) == 0 ) continue;
data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:55:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf_e) == 0 ) return false;
data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:86:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf_p) == 0 ) return false;
data/hepmc3-3.1.2/src/ReaderHEPEVT.cc:89:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf_v) == 0 ) return false;
data/hepmc3-3.1.2/src/WriterAscii.cc:103:17: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor,"\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:112:21: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "W");
data/hepmc3-3.1.2/src/WriterAscii.cc:115:21: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:134:29: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:283:21: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:291:21: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:305:25: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAscii.cc:341:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(m_cursor,str.data(),str.length());
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:145:21: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:157:17: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:187:33: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor, "\n");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:300:17: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor,"\n");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:373:17: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  m_cursor += sprintf(m_cursor,"\n");
data/hepmc3-3.1.2/src/WriterAsciiHepMC2.cc:386:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(m_cursor,str.data(),str.length());
data/hepmc3-3.1.2/test/ValidationControl.cc:69:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(buf) < 3 || buf[0] == ' ' || buf[0] == '#' ) {

ANALYSIS SUMMARY:

Hits = 262
Lines analyzed = 24958 in approximately 0.71 seconds (35344 lines/second)
Physical Source Lines of Code (SLOC) = 14930
Hits@level = [0] 157 [1] 36 [2] 218 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 419 [1+] 262 [2+] 226 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 28.0643 [1+] 17.5486 [2+] 15.1373 [3+] 0.535834 [4+] 0.535834 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.