Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iraf-2.16.1+2018.11.01/include/drvrsmem.h Examining data/iraf-2.16.1+2018.11.01/lib/chars.h Examining data/iraf-2.16.1+2018.11.01/lib/clio.h Examining data/iraf-2.16.1+2018.11.01/lib/clset.h Examining data/iraf-2.16.1+2018.11.01/lib/ctotok.h Examining data/iraf-2.16.1+2018.11.01/lib/ctype.h Examining data/iraf-2.16.1+2018.11.01/lib/diropen.h Examining data/iraf-2.16.1+2018.11.01/lib/error.h Examining data/iraf-2.16.1+2018.11.01/lib/evexpr.h Examining data/iraf-2.16.1+2018.11.01/lib/evvexpr.h Examining data/iraf-2.16.1+2018.11.01/lib/finfo.h Examining data/iraf-2.16.1+2018.11.01/lib/fio.h Examining data/iraf-2.16.1+2018.11.01/lib/fmlfstat.h Examining data/iraf-2.16.1+2018.11.01/lib/fmset.h Examining data/iraf-2.16.1+2018.11.01/lib/fset.h Examining data/iraf-2.16.1+2018.11.01/lib/gescape.h Examining data/iraf-2.16.1+2018.11.01/lib/gim.h Examining data/iraf-2.16.1+2018.11.01/lib/gio.h Examining data/iraf-2.16.1+2018.11.01/lib/gki.h Examining data/iraf-2.16.1+2018.11.01/lib/gset.h Examining data/iraf-2.16.1+2018.11.01/lib/imhdr.h Examining data/iraf-2.16.1+2018.11.01/lib/imio.h Examining data/iraf-2.16.1+2018.11.01/lib/imset.h Examining data/iraf-2.16.1+2018.11.01/lib/lexnum.h Examining data/iraf-2.16.1+2018.11.01/lib/math/curfit.h Examining data/iraf-2.16.1+2018.11.01/lib/math/gsurfit.h Examining data/iraf-2.16.1+2018.11.01/lib/math/iminterp.h Examining data/iraf-2.16.1+2018.11.01/lib/math/interp.h Examining data/iraf-2.16.1+2018.11.01/lib/math/nlfit.h Examining data/iraf-2.16.1+2018.11.01/lib/math/surfit.h Examining data/iraf-2.16.1+2018.11.01/lib/mii.h Examining data/iraf-2.16.1+2018.11.01/lib/mwset.h Examining data/iraf-2.16.1+2018.11.01/lib/nmi.h Examining data/iraf-2.16.1+2018.11.01/lib/nspp.h Examining data/iraf-2.16.1+2018.11.01/lib/pattern.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/center1d.h Examining 
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/dttext.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/gtools.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/icfit.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/igsfit.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/inlfit.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/mef.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/rg.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/rmsorted.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/skywcs.h Examining data/iraf-2.16.1+2018.11.01/lib/pkg/xtanswer.h Examining data/iraf-2.16.1+2018.11.01/lib/plio.h Examining data/iraf-2.16.1+2018.11.01/lib/plset.h Examining data/iraf-2.16.1+2018.11.01/lib/pmset.h Examining data/iraf-2.16.1+2018.11.01/lib/poll.h Examining data/iraf-2.16.1+2018.11.01/lib/printf.h Examining data/iraf-2.16.1+2018.11.01/lib/protect.h Examining data/iraf-2.16.1+2018.11.01/lib/prstat.h Examining data/iraf-2.16.1+2018.11.01/lib/psset.h Examining data/iraf-2.16.1+2018.11.01/lib/qpexset.h Examining data/iraf-2.16.1+2018.11.01/lib/qpioset.h Examining data/iraf-2.16.1+2018.11.01/lib/qpset.h Examining data/iraf-2.16.1+2018.11.01/lib/syserr.h Examining data/iraf-2.16.1+2018.11.01/lib/tbset.h Examining data/iraf-2.16.1+2018.11.01/lib/time.h Examining data/iraf-2.16.1+2018.11.01/lib/ttset.h Examining data/iraf-2.16.1+2018.11.01/lib/ttyset.h Examining data/iraf-2.16.1+2018.11.01/lib/votParse_spp.h Examining data/iraf-2.16.1+2018.11.01/lib/xalloc.h Examining data/iraf-2.16.1+2018.11.01/lib/xwhen.h Examining data/iraf-2.16.1+2018.11.01/math/curfit/curfitdef.h Examining data/iraf-2.16.1+2018.11.01/math/curfit/dcurfitdef.h Examining data/iraf-2.16.1+2018.11.01/math/deboor/bspln.h Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/dgsurfitdef.h Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/gsurfit.h Examining data/iraf-2.16.1+2018.11.01/math/gsurfit/gsurfitdef.h Examining data/iraf-2.16.1+2018.11.01/math/iminterp/im1interpdef.h 
Examining data/iraf-2.16.1+2018.11.01/math/iminterp/im2interpdef.h Examining data/iraf-2.16.1+2018.11.01/math/interp/asidef.h Examining data/iraf-2.16.1+2018.11.01/math/interp/interp.h Examining data/iraf-2.16.1+2018.11.01/math/interp/interpdef.h Examining data/iraf-2.16.1+2018.11.01/math/nlfit/nlfitdefd.h Examining data/iraf-2.16.1+2018.11.01/math/nlfit/nlfitdefr.h Examining data/iraf-2.16.1+2018.11.01/math/slalib/rtl_random.c Examining data/iraf-2.16.1+2018.11.01/math/slalib/sla.c Examining data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c Examining data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h Examining data/iraf-2.16.1+2018.11.01/math/surfit/surfitdef.h Examining data/iraf-2.16.1+2018.11.01/noao/artdata/gammln.c Examining data/iraf-2.16.1+2018.11.01/noao/artdata/lists/starlist.h Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/acatalog.h Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/aimpars.h Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/aimparsdef.h Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h Examining data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h Examining data/iraf-2.16.1+2018.11.01/noao/astutil/astfunc.h Examining data/iraf-2.16.1+2018.11.01/noao/astutil/pdm/pdm.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphot.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/center.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/centerdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/display.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/displaydef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/find.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/finddef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitpsf.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitpsfdef.h Examining 
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitsky.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/fitskydef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/noise.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/noisedef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/phot.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/photdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/polyphot.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/polyphotdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprof.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/daoedit/daoedit.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/allstardef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/apseldef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/daophotdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/nstardef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/peakdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/psfdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/lib/ptkeysdef.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/debug/debug.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/apfile.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/fitparams.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/io.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/lexer.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/mctable.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/obsfile.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/parser.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prdefs.h Examining 
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/preval.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prtoken.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/parser/y.tab.h Examining data/iraf-2.16.1+2018.11.01/noao/digiphot/ptools/pexamine/pexamine.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdcache.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdred.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/ccdtypes.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/combine/icmask.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/combine/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/cosmic/crlist.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/generic/ccdred.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/icmask.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/ccdred/src/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/crutil/src/crlist.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/dtoi/hdicfit/hdicfit.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdcache.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdred.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/ccdtypes.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/ccdproc/generic/ccdred.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/quad/ccdtypes.h Examining data/iraf-2.16.1+2018.11.01/noao/imred/quadred/src/quad/quadgeom.h Examining data/iraf-2.16.1+2018.11.01/noao/lib/funits.h Examining data/iraf-2.16.1+2018.11.01/noao/lib/smw.h Examining data/iraf-2.16.1+2018.11.01/noao/lib/units.h Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/camera/rcamera.h Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/cyber.h Examining 
data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/rrcopy/rrcopy.h Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/idsmtn/idsmtn.h Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/pds/rpds.h Examining data/iraf-2.16.1+2018.11.01/noao/mtlocal/r2df/r2df.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/ace.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/acedetect.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/acesky.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/cat.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/detect.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/display.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/evaluate.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/filter.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/grow.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/gwindow.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/objs.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/sky.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/skyblock.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/skyfit.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ace/split.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/ir/iralign.h Examining data/iraf-2.16.1+2018.11.01/noao/nproto/slitpic.h Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/specfocus/specfocus.h Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/sptime/sptime.h Examining data/iraf-2.16.1+2018.11.01/noao/obsutil/src/starfocus/starfocus.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/dctable.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/dispcor.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/dispcor/refspectra.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/ecidentify/ecffit/ecffit.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/ecidentify/ecidentify.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/identify/autoid/autoid.h Examining 
data/iraf-2.16.1+2018.11.01/noao/onedspec/identify/identify.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/irsiids/idsmtn.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/src/icmask.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/src/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/srcwt/icmask.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/odcombine/srcwt/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/scombine/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/sensfunc/sensfunc.h Examining data/iraf-2.16.1+2018.11.01/noao/onedspec/specplot.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvcomdef.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvcont.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvfilter.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvflags.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvidlines/identify.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvkeywords.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvpackage.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvplots.h Examining data/iraf-2.16.1+2018.11.01/noao/rv/rvsample.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/apextract/apertures.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/apextract/apparams.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/longslit/lscombine/src/icmask.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/longslit/lscombine/src/icombine.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/multispec/dbio/dbio.h Examining data/iraf-2.16.1+2018.11.01/noao/twodspec/multispec/ms.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clmodes.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clprintf.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c Examining 
data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/config.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/construct.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/errs.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/errs.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/globals.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/grammar.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/history.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lexicon.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/lists.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/mem.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/operand.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/param.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/param.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/proto.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/stack.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/task.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/task.h Examining data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c Examining data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.h Examining 
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/exbltins.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/exfcn.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/export/export.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/wfits.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/import/import.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/import/ipfcn.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/imtext/imtext.h Examining data/iraf-2.16.1+2018.11.01/pkg/dataio/reblock/reblock.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clmodes.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clprintf.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/config.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/construct.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/globals.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/grammar.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lexicon.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/lists.c 
Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/mem.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/param.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/proto.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/stack.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/task.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.h Examining data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c Examining data/iraf-2.16.1+2018.11.01/pkg/images/imcoords/src/starfind.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/fmedian.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/fmode.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/frmedian.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/frmode.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/median.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/mode.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/rmedian.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfilter/src/rmode.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfit/src/imsurfit.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imfit/src/pixlist.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/geometry/geotran.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icmask.h Examining 
data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icombine.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/linmatch/linmatch.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/linmatch/lsqfit.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/psfmatch/psfmatch.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/wcsmatch/wcsxymatch.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/xregister/xregister.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/gettok.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imstat.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imsum.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/imutil/src/imtile.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/geogmap.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/geomap.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/lib/xyxymatch.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/ace.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/display.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/gwindow.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/iis.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/display/zdisplay.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/ids/font.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/iism70/iis.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/src/cv.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/src/gwindow.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imedit/epix.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imexamine/imexam.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/imexamine/starfocus.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/tvmark/tvmark.h Examining data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h Examining 
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcslab.h Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/fits/rfits.h Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/fits/wfits.h Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/imcombine/icombine.h Examining data/iraf-2.16.1+2018.11.01/pkg/obsolete/oimstat.h Examining data/iraf-2.16.1+2018.11.01/pkg/plot/crtpict/crtpict.h Examining data/iraf-2.16.1+2018.11.01/pkg/plot/crtpict/wdes.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/maskexpr/gettok.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/maskexpr/peregfuncs.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/masks/mimstat.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/masks/rskysub.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/vol/src/i2sun/i2sun.h Examining data/iraf-2.16.1+2018.11.01/pkg/proto/vol/src/pvol.h Examining data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h Examining data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/lroff/lroff.h Examining data/iraf-2.16.1+2018.11.01/pkg/system/help/xhelp/xhelp.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/fitsio/fitssppb/fitsio.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/fitsio_spp.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/tcs.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/trs.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/selector/whatfile.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblfits.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbltext.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbtables.h Examining data/iraf-2.16.1+2018.11.01/pkg/tbtables/underscore.h Examining 
data/iraf-2.16.1+2018.11.01/pkg/utilities/curfit.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/copyone/filetype.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/imtab/imtab.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/keyselect/keyselect.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/lib/reloperr.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/cif.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/sbuf.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/template.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/vex.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/psiescape.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcslab.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tcheck/tcheck.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/command.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/curses.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/curses/window.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/formfn.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/linefn.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/forms/promptfn.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/field.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/paste.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/screen.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/table.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/texpand/lexoper.h Examining 
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tbtables.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tiimage/tiimage.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tjoin/tjoin.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tprint/tprint.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/trebin/trebin.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tstat/thistogram.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tunits/tunits.h Examining data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tupar/tupar.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cqdef.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/center1d.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/cogetr.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/fixpix/xtfixpix.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/gammln.c Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/gtools/gtools.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/icfit/icfit.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/icfit/names.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/inlfit/inlfitdef.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcs.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h Examining data/iraf-2.16.1+2018.11.01/pkg/xtools/xtanswer.h Examining data/iraf-2.16.1+2018.11.01/sys/clio/clpset.h Examining data/iraf-2.16.1+2018.11.01/sys/etc/environ.h Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmlfstat.h Examining data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/font.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h Examining 
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/fonts/mkfont.c Examining data/iraf-2.16.1+2018.11.01/sys/gio/gks/gks.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/font.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/font.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/font.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgk.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/font.h Examining data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h Examining data/iraf-2.16.1+2018.11.01/sys/gty/gty.h Examining data/iraf-2.16.1+2018.11.01/sys/imfort/db/idb.h Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imhv1.h Examining data/iraf-2.16.1+2018.11.01/sys/imfort/imhv2.h Examining data/iraf-2.16.1+2018.11.01/sys/imfort/oif.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/db/idb.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/dbc/idbc.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/fxf/fxf.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/imhv1.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/imhv2.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/oif/oif.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/plf/plf.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/qpf/qpf.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/iki/stf/stf.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/imt/fxf.h Examining data/iraf-2.16.1+2018.11.01/sys/imio/imt/imx.h Examining data/iraf-2.16.1+2018.11.01/sys/ki/ki.h Examining data/iraf-2.16.1+2018.11.01/sys/ki/zzrdks.c Examining data/iraf-2.16.1+2018.11.01/sys/libc/atof.c 
Examining
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/longnam.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/pliocomp.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c Examining 
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/quantize.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/ricecomp.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/scalnull.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/swapproc.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcsutil.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/adler32.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/crc32.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/crc32.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/deflate.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/deflate.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/infback.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffast.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffast.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inffixed.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inftrees.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inftrees.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/trees.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/trees.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/uncompr.c Examining 
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zcompress.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zconf.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zlib.h Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.c Examining data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcompress.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votconcat.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcopy.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votdump.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votinfo.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votpos.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votsplit.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/xx.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votHandle.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.h Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParseP.h Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.c Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.h Examining data/iraf-2.16.1+2018.11.01/vendor/libvotable/votStack.c

FINAL RESULTS:

data/iraf-2.16.1+2018.11.01/sys/libc/gets.c:14:1: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    gets (
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetfmode.c:17:10: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    return (chmod (vfn2osfn(fname,0), mode));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossetowner.c:20:10: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    return (chown (vfn2osfn(fname,0), uid, gid));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossymlink.c:25:16: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if ((n = readlink (fname, valbuf, maxch)) > 0)
data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:888:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    chmod (outfile, 0755);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:77:9: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    #define gets u_gets
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:144:17: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    extern char *gets (char *buf);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:97:7: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    char *gets();
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:150:10: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    if (chmod (fp->f_name, RWOWN) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:152:10: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    if (chown (fp->f_name, ruid, rgid) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:190:10: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    if (chmod (fp->f_name, RWALL) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:192:10: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    if (chown (fp->f_name, 0, 0) == -1)
data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:171:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod ((char *)osfn, newmode);
data/iraf-2.16.1+2018.11.01/unix/os/zfmkdr.c:39:10: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    chmod (osdir, _u_fmode(0777));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6826:3: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(infile, url, FLEN_FILENAME -1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:883:13: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(file_outfile,outfile,FLEN_FILENAME-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:297:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(stdin_outfile,outfile,FLEN_FILENAME-1); /* an output file is specified */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:571:7: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:708:7: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2410:3: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(errMsg, varName, MAXVARNAME);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2425:3: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(errMsg, varName, MAXVARNAME);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1047:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(tmpname, keyname + nblank, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1103:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(tmpname2, tmpname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1147:13: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(card, tmpname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:504:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyname, &name[ii], FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1463:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1542:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1623:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1704:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1785:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1866:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(keyroot, keyname, FLEN_KEYWORD - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:985:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    (void)strncat (newpixname, &pixname[4], SZ_IM2PIXFILE);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1003:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    (void)strncat (newpixname, pixname, SZ_IM2PIXFILE);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2515:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2636:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(extnm, extnmx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2894:5: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(xtension, xtensionx, FLEN_VALUE-1);
data/iraf-2.16.1+2018.11.01/lib/diropen.h:1:67: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # DIROPEN.H -- Defined parameters for fio.diropen. Two directory access modes
data/iraf-2.16.1+2018.11.01/lib/diropen.h:3:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    # used internally by the system).
data/iraf-2.16.1+2018.11.01/lib/error.h:7:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78).
try using a library call that implements the same functionality if available.
    define EA_RESTART -99 # used by the system
data/iraf-2.16.1+2018.11.01/lib/finfo.h:9:39: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define FI_ATIME $1[3] # time of last access
data/iraf-2.16.1+2018.11.01/lib/fio.h:26:37: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define FMODE Memi[$1+1] # mode of access
data/iraf-2.16.1+2018.11.01/lib/fio.h:109:40: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # buffer size for efficient sequential access to the device.
data/iraf-2.16.1+2018.11.01/lib/fio.h:129:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define VFN_READ 1 # VFN access modes for VFNOPEN
data/iraf-2.16.1+2018.11.01/lib/fmset.h:4:34: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define FM_ACMODE 1 #RO datafile access mode
data/iraf-2.16.1+2018.11.01/lib/fset.h:2:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # Some of these parameters provide access to the guts of the i/o system and
data/iraf-2.16.1+2018.11.01/lib/fset.h:2:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    # Some of these parameters provide access to the guts of the i/o system and
data/iraf-2.16.1+2018.11.01/lib/fset.h:7:40: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define F_ADVICE 1 # advice on type of access (rand,seq,def)
data/iraf-2.16.1+2018.11.01/lib/fset.h:32:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define F_MODE 26 #r file access mode (ro,wo,rw)
data/iraf-2.16.1+2018.11.01/lib/fset.h:40:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define F_READ 34 #r does file have read access [y/n]
data/iraf-2.16.1+2018.11.01/lib/fset.h:47:44: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define F_WRITE 41 #r does file have write access [y/n]
data/iraf-2.16.1+2018.11.01/lib/gio.h:54:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define GP_ACMODE Memi[$1+3] # gopen access mode
data/iraf-2.16.1+2018.11.01/lib/gio.h:140:41: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    define GL_TICKFORMAT Memc[P2C($1+23)] # printf format of ticks
data/iraf-2.16.1+2018.11.01/lib/imio.h:6:41: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define DEF_ADVICE SEQUENTIAL # type of access to optimize for
data/iraf-2.16.1+2018.11.01/lib/imio.h:31:32: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define IM_ACMODE Memi[$1+2] # access mode (ro, rw, etc.)
data/iraf-2.16.1+2018.11.01/lib/imio.h:34:50: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define IM_VADVICE Memi[$1+5] # expected type of access
data/iraf-2.16.1+2018.11.01/lib/imio.h:75:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    define PL_ACMODE mod($1,100B) # extract access mode
data/iraf-2.16.1+2018.11.01/lib/mwset.h:4:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    define MW_NDIM 1 # system logical dimension
data/iraf-2.16.1+2018.11.01/lib/mwset.h:8:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    define MW_NPHYSDIM 5 # physical system dimension
data/iraf-2.16.1+2018.11.01/lib/nspp.h:1:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    # NSPP.H -- Definitions for the NCAR system plot package and metacode
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:3:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # The catalog access interface parameter definitions
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:23:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # The catalog access results parameter definitions
data/iraf-2.16.1+2018.11.01/lib/pkg/cq.h:46:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    # The surveys access results parameter definitions
data/iraf-2.16.1+2018.11.01/lib/plset.h:15:51: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
  Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Range list definitions. For applications which access mask lines as range
data/iraf-2.16.1+2018.11.01/lib/qpset.h:33:32: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define QPOE_MODE 25 # poefile access mode
data/iraf-2.16.1+2018.11.01/lib/tbset.h:7:49: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Phil Hodge, 4-Nov-1993 Add TBL_LAST_ROW for access to number of rows. DEL
data/iraf-2.16.1+2018.11.01/lib/xwhen.h:3:29: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define X_ACV 501 # access violation
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:20:50: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #define RCCC 107 # the field center coordinate system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:22:52: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  define RCSYSTEM 109 # the field center coordinate system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astrom.h:44:75: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define AT_RCSTSYSTEM Memc[P2C($1+15+RCST_SZ_FNAME)] # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h:47:69: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define AT_RCSYSTEM Memc[P2C($1+12)] # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/astcat/lib/astromdef.h:48:74: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define AT_RCSOURCE Memc[P2C($1+12+RC_SZ_FNAME)] # the field center cc system
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:32:25: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # pointer to sequential access buffer (not used currently)
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:34:57: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define AP_SEQUENTIAL Memi[$1+21] # Sequential or random access
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h:14:45: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define AP_ORPXCUR Memr[P2R($1+7)] # output system X image center in pixels
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/radprofdef.h:15:44: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define AP_ORPYCUR Memr[P2R($1+8)] # output system Y image center in pixels
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:4:11: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Pointer access
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:318:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Vector access
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:329:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Individual access for variable symbols and counters.
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:335:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Individual access for fitting parameter symbols, values and list. The
data/iraf-2.16.1+2018.11.01/noao/digiphot/photcal/lib/prstruct.h:341:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Individual access for derivative equation string offsets and codes. The
data/iraf-2.16.1+2018.11.01/noao/lib/smw.h:125:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Spectrum types and access modes.
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:187:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:188:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:205:4: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf ((char *)(res + (cp - o1sp)),
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:212:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (res, o1sp);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:231:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:236:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (res, o1.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:248:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (res, s2);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:250:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (res, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:205:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pfilename, pfp->pf_ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:207:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pfilename, pfp->pf_ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:243:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:468:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:483:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dirname, cd_prev);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:492:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cd_prev, cd_curr);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:493:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cd_curr, dirname);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:544:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, errmsg);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1933:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (os_filelist, osfn);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1940:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (oscmd, host_editor (envget ("editor")), os_filelist);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1968:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2033:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2093:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (device, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:44:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (errfile, outfile);
data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:232:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (start, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:246:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (es, ns);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:387:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_val.v_s, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:411:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (news, s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:719:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_name, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:875:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_prompt, o->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:123:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "home$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:127:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "dev$%s.ed", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:141:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ed_editorcmd, "iraf%s", editor);
data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:190:10: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  n = sscanf (string, "%s %s %s", label, escape, name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:113:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->e_pset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:160:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:165:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->e_pset, newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:168:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (runcmd, "%s (mode='h')\n", newpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:277:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nextpset, e_nextpset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:513:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (string, "PARFILE = %s\r\n", pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:517:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (string, "PACKAGE = %s\r\n", ltp->lt_pkp->pk_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:519:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (string, " TASK = %s\r\n", ltp->lt_lname);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:678:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (outbuf, colbuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:716:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dbg, "string = |%s| ", string);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:756:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s [%s]?", errstr, outstring);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:771:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (message, errstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:817:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s must be `yes' or `no'", errstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:821:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "What? %s", range);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:824:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s %s", errstr, range);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1007:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (&arglist[1], args);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1160:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (oldline, string);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1389:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1408:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (chn, chn+1);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1439:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cp, chn);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1453:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tempstr, cp); /* save the end */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1455:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cp+oldnum, tempstr);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1462:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (oldline, cp);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1487:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cp, oldline);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1681:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf,
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1688:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, " - %d parameters written to %s", n,
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1701:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (e_nextpset, e_cx->e_pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1733:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1745:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "parameter `%s' is not a pset parameter",
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1761:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1780:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (e_nextpset, pset);
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1865:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errmsg, errfmt, errarg);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:493:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (logmsg, "Start (%s)", newtask->t_ltp->lt_pname);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:543:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cmd, ip);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:557:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:563:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:567:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:571:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (cmd, redir);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:701:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s%s.e", pkg ? pkg->pk_bin : BINDIR, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:702:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (loc_path, "./%s.e", root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:718:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bin_root, root_path);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:734:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s.linux/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:738:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:745:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s.redhat/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:752:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s.macosx/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:759:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bin_path, "%s.macintel/%s.e", bin_root, root);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:45:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  char *strcpy(), *index();
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:58:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  query_status = strcpy (buf, string);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:168:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:174:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:202:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:343:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, ibuf);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:999:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%spipe%d", dir, pipecode);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:341:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (raw_cmdblk, cmdblk);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1070:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, marg1);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1074:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, marg2);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1144:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg, "# %8.8s %s%s%s %s- ",
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:355:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (clstartup, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:356:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (clstartup, CLSTARTUP);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:357:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (clprocess, CLDIR);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:358:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (clprocess, CLPROCESS);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:454:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (o.o_val.v_s, arglist);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:474:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (global, "%s/.iraf/login.cl", home);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:528:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(logoutfile, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:529:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(logoutfile, CLLOGOUT);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:346:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%.3f %.3f %d %s %s\n",
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:669:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, *pp->p_prompt == '\0' ? pp->p_name : pp->p_prompt);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:894:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bkg_query_file, "%sBQF%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:895:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (query_response_file, "%sBQR%d", envget(UPARM), filecode); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:133:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s2, o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1113:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (format, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1162:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (format, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1168:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pname, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:50:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outstr, indefstr); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:57:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (outstr, op->o_val.v_i == NO ? falsestr : truestr); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:69:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (outstr, op->o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:281:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (numstr, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:371:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (hexnum, s); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:378:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf (s, format, &o.o_val.v_i) != 1) { data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:782:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sbuf, param_spec); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:128:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pfp->pf_pfilename, pfilepath); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:293:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pfp->pf_pfilename, usr_pfile); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:308:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pfp->pf_pfilename, usr_pfile); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:397:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*q++, *p++); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:476:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pfp->pf_pfilename, pfilename); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:571:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->p_val.v_s, qq->p_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:580:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->p_val.v_s, firstask->t_modep->p_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:766:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, dir); /* start with directory name */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:771:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (buf, temp); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:773:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (buf, temp); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:775:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (buf, ltname); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:777:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (buf, extn); /* add extension for pfile */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:964:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (newpfp->pf_pfilename, pfp->pf_pfilename); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1076:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*q++, *p++) ; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1321:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->p_val.v_s, initbuf); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1547:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*p, INDEFSTR); data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:258:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pr->pr_name, process); data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:319:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pname[nprocs++], pr->pr_name); data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:458:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (out, "[%02d] %s!%d(%xX)", data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:312:14: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. nscan_val = sscanf (buf, format, data/iraf-2.16.1+2018.11.01/pkg/cl/stack.c:128:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dest->o_val.v_s, op->o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:346:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, task_spec); data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1343:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3264:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (curr_task, ltname); data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3365:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (pname, "%s.%s", data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3369:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (pname, f); data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3372:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pname, stkop((yyvsp[(1) - (1)]))->o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:230:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (res, o1sp); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:231:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (res, o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:248:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf ((char *)(res + (cp - o1sp)), data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:255:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (res, o1sp); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:274:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s2, o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:279:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (res, o1.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:291:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (res, s2); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:293:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (res, o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:211:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pfilename, pfp->pf_ltp->lt_pkp->pk_name); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:213:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (pfilename, pfp->pf_ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:248:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, task_spec); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:495:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cd_prev, cd_curr); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:510:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dirname, cd_prev); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:519:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cd_prev, cd_curr); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:520:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cd_curr, dirname); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:592:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (buf, errmsg); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:601:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.errmsg, errmsg); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:602:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.task, currentask->t_ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:633:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.errmsg, errmsg); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:635:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.script, script->t_ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2038:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (os_filelist, osfn); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2045:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (oscmd, host_editor (envget ("editor")), os_filelist); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2073:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (device, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2138:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (device, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2198:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (device, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2259:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (handler, o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:43:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errfile, outfile); data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:238:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (start, s); data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:252:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (es, ns); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:387:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->p_val.v_s, s); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:411:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (news, s); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:719:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pp->p_name, op->o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:883:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (pp->p_prompt, o->o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:123:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "home$%s.ed", editor); data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:127:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fname, "dev$%s.ed", editor); data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:141:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ed_editorcmd, "iraf%s", editor); data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:190:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. n = sscanf (string, "%s %s %s", label, escape, name); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:122:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cx->e_pset, pset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:169:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cx->e_pset, newpset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:174:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cx->e_pset, newpset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:177:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (runcmd, "%s (mode='h')\n", newpset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:181:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (epar_cmdbuf, runcmd); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:289:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (nextpset, e_nextpset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:525:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (string, "PARFILE = %s\r\n", pfp->pf_pfilename); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:529:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (string, "PACKAGE = %s\r\n", ltp->lt_pkp->pk_name); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:531:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (string, " TASK = %s\r\n", ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:690:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outbuf, colbuf); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:728:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dbg, "string = |%s| ", string); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:768:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (message, "%s [%s]?", errstr, outstring); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:783:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (message, errstr); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:829:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "%s must be `yes' or `no'", errstr); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:833:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "What? %s", range); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:836:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "%s %s", errstr, range); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1019:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (&arglist[1], args); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1172:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (oldline, string); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1401:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (chn, chn+1); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1420:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (chn, chn+1); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1451:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cp, chn); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1465:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tempstr, cp); /* save the end */ data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1467:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cp+oldnum, tempstr); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1474:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (oldline, cp); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1499:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cp, oldline); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1693:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1700:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, " - %d parameters written to %s", n, data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1713:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (e_nextpset, e_cx->e_pset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1745:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (e_nextpset, pset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1757:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "parameter `%s' is not a pset parameter", data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1773:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (e_nextpset, pset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1792:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (e_nextpset, pset); data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1877:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (errmsg, errfmt, errarg); data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:307:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.errmsg, diagstr); data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:308:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.task, currentask->t_ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:393:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (opt, "%s %s %s %s %s", data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:538:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (logmsg, "Start (%s)", newtask->t_ltp->lt_pname); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:588:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cmd, ip); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:602:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cmd, redir); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:608:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cmd, redir); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:612:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cmd, redir); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:616:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cmd, redir); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:746:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s%s.e", pkg ? pkg->pk_bin : BINDIR, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:747:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (loc_path, "./%s.e", root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:763:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (bin_root, root_path); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:779:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s.linux/%s.e", bin_root, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:783:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s.redhat/%s.e", bin_root, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:790:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s.redhat/%s.e", bin_root, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:797:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s.macosx/%s.e", bin_root, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:804:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (bin_path, "%s.macintel/%s.e", bin_root, root); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1231:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (errcom.task, currentask->t_ltp->lt_lname); data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:42:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  char *strcpy(), *index();
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:55:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  query_status = strcpy (buf, string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:163:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:169:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:195:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (message, str);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:435:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, ibuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:1151:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%spipe%d", dir, pipecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:259:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (raw_cmd, epar_cmdbuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:268:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (raw_cmd, cmd);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:368:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (raw_cmdblk, cmdblk);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:988:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ((eh_longprompt == YES) ? "%s> " : "%2.2s> ", string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1016:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (prompt,
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1132:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, marg1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1136:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, marg2);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1206:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg, "# %8.8s %s%s%s %s- ",
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:392:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (clstartup, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:393:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (clstartup, CLSTARTUP);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:394:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (clprocess, CLDIR);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:395:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (clprocess, CLPROCESS);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:502:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (o.o_val.v_s, arglist);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:528:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (global, "%s/.iraf/login.cl", home);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:598:12: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  tmpfile = mktemp (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:638:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(logoutfile, HOSTLIB);
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:639:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(logoutfile, CLLOGOUT);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:342:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%.3f %.3f %d %s %s\n",
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:654:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, *pp->p_prompt == '\0' ? pp->p_name : pp->p_prompt);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:874:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (bkg_query_file, "%sBQF%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:875:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (query_response_file, "%sBQR%d", envget(UPARM), filecode);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:130:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s2, o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1072:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1120:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (format, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1126:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pname, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:47:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outstr, indefstr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:54:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (outstr, op->o_val.v_i == NO ? falsestr : truestr);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:66:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outstr, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:266:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (numstr, o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:353:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (hexnum, s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:360:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf (s, format, &o.o_val.v_i) != 1) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:632:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ip, &result.o_val.v_s[1]);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:772:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sbuf, param_spec);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:126:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pfp->pf_pfilename, pfilepath);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:306:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pfp->pf_pfilename, usr_pfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:395:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (*q++, *p++);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:474:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pfp->pf_pfilename, pfilename);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:569:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_val.v_s, qq->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:578:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_val.v_s, firstask->t_modep->p_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:762:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, dir); /* start with directory name */
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:767:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:769:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, temp);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:771:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, ltname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:773:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, extn); /* add extension for pfile */
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:954:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (newpfp->pf_pfilename, pfp->pf_pfilename);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1064:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*q++, *p++) ;
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1306:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pp->p_val.v_s, initbuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1532:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*p, INDEFSTR);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:257:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pr->pr_name, process);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:316:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pname[nprocs++], pr->pr_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:453:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (out, "[%02d] %s!%d(%xX)",
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:306:14: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  nscan_val = sscanf (buf, format,
data/iraf-2.16.1+2018.11.01/pkg/ecl/stack.c:127:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dest->o_val.v_s, op->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:334:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, task_spec);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1379:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3303:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (curr_task, ltname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3406:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (pname, "%s.%s",
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3410:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pname, f);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3413:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pname, stkop((yyvsp[(1) - (1)]))->o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:5:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # access elements of a WCSLAB descriptor. The descriptor provides all
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:96:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # to the logical system.
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:171:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # The center of the transformations in the logical system.
data/iraf-2.16.1+2018.11.01/pkg/images/tv/wcslab/wcs_desc.h:210:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # The center of the transformations in the world system.
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h:48:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define O_SYSDOC 3 # print technical system documentation
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h:31:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define M_SYS Memi[$1+2] # system docs file index
data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h:52:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define O_SYSDOC 3 # print technical system documentation
data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h:31:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define M_SYS Memi[$1+2] # system docs file index
data/iraf-2.16.1+2018.11.01/pkg/system/help/xhelp/xhelp.h:10:43: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define HDB_RAW Memi[$1+1] # access compiled or raw database
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:5:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  od.h -- Include parameters for the 1D I/O data system.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:9:37: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # Below describes the structure and access to the OD descriptor.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:22:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define OD_WSYS_PTR Memi[$1+10] # WCS system type.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:5:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # access elements of a WCSLAB descriptor. The descriptor provides all
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:96:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # to the logical system.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:171:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # The center of the transformations in the logical system.
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/wcslab/wcs_desc.h:210:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # The center of the transformations in the world system.
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:3:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # The catalog access interface parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:23:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # The catalog access results parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cq.h:46:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # The surveys access results parameter definitions
data/iraf-2.16.1+2018.11.01/pkg/xtools/catquery/cqdef.h:19:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define CQ_MODE Memi[$1+1] # The database access mode
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:9:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define SKY_EQUINOX Memd[P2D($1+8)] # equinox of ra/dec system (B or J)
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:11:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define SKY_CTYPE Memi[$1+12] # celestial coordinate system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:12:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define SKY_RADECSYS Memi[$1+13] # ra/dec system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:18:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define SKY_PIXTYPE Memi[$1+19] # iraf wcs system code
data/iraf-2.16.1+2018.11.01/pkg/xtools/skywcs/skywcsdef.h:24:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define SKY_COOSYSTEM Memc[P2C($1+25)] # the coordinate system name
data/iraf-2.16.1+2018.11.01/sys/clio/clpset.h:1:23: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # CLPSET.H -- CL pset access package header file.
data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:26:43: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define FM_MODE Memi[$1+3] # access mode of datafile
data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:57:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # File table entry (FTE) during datafile access.
data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h:4:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define FM_ACMODE 1 #RO datafile access mode
data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h:21:37: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define IM_ACMODE Memi[$1+2] # image access mode
data/iraf-2.16.1+2018.11.01/sys/imio/iki/fxf/fxf.h:66:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define FIT_ACMODE Memi[$1] # image access mode
data/iraf-2.16.1+2018.11.01/sys/imio/imt/fxf.h:66:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define FIT_ACMODE Memi[$1] # image access mode
data/iraf-2.16.1+2018.11.01/sys/libc/freadline.c:29:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (line, cmd); /* save to static buffer */
data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:13:1: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  mktemp (
data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:20:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy (template, unique);
data/iraf-2.16.1+2018.11.01/sys/libc/printf.c:29:1: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/printf.c:43:1: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (FILE *fp, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:72:1: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  scanf (char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:95:1: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  fscanf (FILE *fp, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:119:1: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (char *str, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/sprintf.c:21:1: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (char *str, char *format, ...)
data/iraf-2.16.1+2018.11.01/sys/libc/strcat.c:11:1: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (
data/iraf-2.16.1+2018.11.01/sys/libc/strcpy.c:10:1: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (
data/iraf-2.16.1+2018.11.01/sys/libc/system.c:15:1: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (
data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:63:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  nscan = sscanf (buf,
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:66:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (message, p_format, *arg1);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:84:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (message, p_format, *arg1, *arg2);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:105:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (message, p_format, p_strarg);
data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:159:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, p_format, *arg1, *arg2);
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:1:64: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # MTIO.H -- Magtape i/o interface definitions. Note that the system config
data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:27:38: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define MT_ACMODE mtdev[2,$1+1] # new access mode
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:49:55: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  define MI_NLOGDIM Memi[$1+12] # dimension of logical system
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:63:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define WCS_NDIM Memi[$1] # dimension of world system
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:64:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define WCS_SYSTEM Memi[$1+1] # sbuf index of system name
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:105:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define CT_WCSI Memi[$1+2] # pointer back to system 1
data/iraf-2.16.1+2018.11.01/sys/mwcs/mwcs.h:106:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  define CT_WCSO Memi[$1+3] # pointer back to system 2
data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:8:15: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # inverted to access only the "masked" pixels, or a mask might be ANDed with a
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpoe.h:44:39: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define QP_MODE Memi[$1+6] # datafile access mode
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:54:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (vfn, pkg);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:56:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (vfn, SETENV);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:122:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (osfn, hlib);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:123:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (osfn, SETENV);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osaccess.c:23:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn, vfn2osfn(fname,0));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osdir.c:25:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn, dirname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:28:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (vfn, osfn); /* [MACHDEP */
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:61:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)x_osfn, osfn);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:79:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (vfn, osfn);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:35:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, errmsg, "iraf");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:40:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, errmsg, "host");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:48:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "lib"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:50:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "bin"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:52:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "dev"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:54:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "pkg"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:56:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "sys"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:58:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (irafdir, "math"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:60:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (hostdir, "hlib"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:62:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (valstr, os_subdir (hostdir, "as"));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:86:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)symbol, envvar);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:22:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s=%s", name, value);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:24:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (env, buf);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:50:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "%s=%s", name, value);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:52:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (env, buf);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:98:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outfname, sysfile);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:101:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, libs[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:102:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (fname, sysfile);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:131:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn, vfn2osfn (fname, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:250:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (osdev, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:254:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (osdev, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:51:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, ldir);
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:52:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (fname, ip);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:116:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (genfname, *++p);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:134:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (input_file, files[n]);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:156:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, prefix);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:165:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (template, input_file);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:169:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (template, genfname);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:185:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (fname, make_typed_filename (template, *t));
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:187:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (fname, template);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:194:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (fname, extension);
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:197:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(fname,0) == 0) {
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:522:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fp->f_types, types);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:81:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lbuf, name);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:93:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fn->lname, lname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:94:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fn->fname, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:120:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lname, "<%s>", fn->lname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:105:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s -r %s %s", XC, irafdir, xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:107:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s", XC, xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:178:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s %s", LIBRARIAN, LIBFLAGS, resolvefname(libfname));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:250:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s", REBUILD, libpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:306:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (mkpath(fname,ip,path), 0) < 0)
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:321:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (backup, "%s.cko", fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:322:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (backup, 0) == 0) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:359:10: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (mkpath(fname,ip,path), 0) < 0)
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:384:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (fname, 0) != -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:400:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (backup, "%s.cko", fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:401:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (backup, 0) == -1) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:428:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, file);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:491:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (old, vfn2osfn (oldfile, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:492:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new, vfn2osfn (newfile, 1));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:595:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (old_osfn, vfn2osfn (old, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:596:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new_osfn, vfn2osfn (new, 0));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:786:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outstr, module);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:812:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:816:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, relpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:824:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((str ? (str+1) : pathname), relpath);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:95:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->mkpkgfile, MKPKGFILE);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:119:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->mkpkgfile, *argp++);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:162:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (irafdir, *argp++);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:215:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (v_pkgenv, pkgenv[0]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:242:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%s$lib/mkpkg.inc", pkgenv[i]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:251:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (new_xflags, "%s %s", getsym(XFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:259:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (new_xvflags, "%s %s", getsym(XVFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:267:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (new_lflags, "%s %s", getsym(LFLAGS), flags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:328:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errmsg, fmt, arg);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:343:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errmsg, fmt, arg);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:32:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->mkpkgfile, MKPKGFILE);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:48:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%s%s", cx->curdir, cx->mkpkgfile);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:113:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->library, cx->prev->library);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:180:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modname, token);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:187:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (srcname, sfp ? sfp->sf_sfname : modname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:536:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ncx->library, module);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:544:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (ncx->curdir, newdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:568:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ncx->mkpkgfile, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:900:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cx->library, prev); /* return module name */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:202:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (modname, "%s", p);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:320:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (&mlb_sbuf[mlb_op], modname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:150:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (stname, token);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:115:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (outstr, "<%s>", tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:358:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (op, "<%s>", tokbuf);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:596:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (modspec, program);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:667:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (match, "%s:", symbol);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:783:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (xflags, s_xflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:786:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s -r %s %s", XC, xflags, irafdir, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:788:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s %s", XC, xflags, fname);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:822:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s -r %s", XC, irafdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:824:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s", XC);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:895:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s -r %s", XC, lflags, irafdir);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:897:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (cmd, "%s %s", XC, lflags);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:904:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (cmd, linkline);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1011:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1012:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1036:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1037:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dname, getargs (cx));
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1060:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (old, getargs (cx)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1061:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new, getargs (cx)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1094:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (old, getargs (cx)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1095:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new, getargs (cx)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1136:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, getargs (cx)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1198:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cmd, prefix); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1257:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (args, tokbuf); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1261:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (args, "<%s>", tokbuf); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1342:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (value, getargs(cx)); data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:143:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (newpath, "%s%s/", path, dir); data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:146:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (lbuf, prog); data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:295:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (newpath, "%s%s/", path, dir); data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:493:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fh->linkname, hb->dbuf.linkname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:229:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (f2cpath, tempfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:244:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ccomp, s); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:246:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (f77comp, s); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:251:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (linker, s); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:268:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (v_pkgenv, v_pkgenv[0] ? " -p " : "-p "); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:269:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (v_pkgenv, argv[i]); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:281:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ip = u_pkgenv, s); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:293:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (v_pkgenv, v_pkgenv[0] ? " -p " : "-p "); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:294:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (v_pkgenv, pkgname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:349:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (bp, vfn2osfn (&arg[2], 0)); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:383:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfile, arg); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:546:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (arg,0) == -1) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:787:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tempfile, "/tmp/T_%s.XXXXXX", outfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:790:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tempfile, "T_%s", outfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:880:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (command, "/bin/cp -f %s %s", tempfile, outfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:911:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (command, "%s %s %s", edsym, outfile, shlib); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:939:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (fname, "lib%s.a", &i_fname[2]); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:947:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, i_fname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:949:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (libp, oname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:951:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (libp, fname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:978:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ((fs = malloc(len+1)), lflag); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1018:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (savename, libref); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1021:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (libname, "lib%s.a", libref+2); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1036:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, libref); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1059:6: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (fname, 0) == 0) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1060:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, fname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1068:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (absname=bp, vfn2osfn (path, 0)); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1117:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xpp_path, XPP); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1121:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cmdbuf, "%s %s -A -R %s", xpp_path, pkgenv, file); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1123:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cmdbuf, "%s -A -R %s", xpp_path, file); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1126:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cmdbuf, "%s %s -R %s", xpp_path, pkgenv, file); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1128:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (cmdbuf, "%s -R %s", xpp_path, file); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1134:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cmdbuf, foreign_defsfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1140:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, file); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1145:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (rpp_path, RPP); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1146:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cmdbuf, "%s %s%s >%s", data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1207:6: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp (task, argv); /* use user PATH for search */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1208:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, SYSBINDIR); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1209:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (path, task); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1210:6: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv (path, argv); /* look in SYSBINDIR */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1211:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, LOCALBINDIR); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1212:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (path, task); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1213:6: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv (path, argv); /* look in LOCALBINDIR */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1291:6: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv (argv[0], argv); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1390:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (out, s1, s2); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1432:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, dp); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1433:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (path, prog); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1434:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, 0) != -1) data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1439:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dp, SYSBINDIR); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1440:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, dp); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1441:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (path, prog); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1443:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, 0) != -1) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1453:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (envpath, "PATH=%s:%s", SYSBINDIR, oldpath); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1461:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dp, LOCALBINDIR); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1462:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (path, dp); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1463:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (path, prog); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1464:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, 0) != -1) data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:121:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lbuf, "%s.%s multiply declared", data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:173:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lbuf, "%s.%s multiply declared", data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:367:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (text, "\t%s = 0\n", procname); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:422:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). sp->s_name = strcpy (nextch, name); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2729:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname[istkptr], IRAFLIB); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2730:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (fname[istkptr], RUNTASK); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2851:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sysfile, HOSTLIB); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2852:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sysfile, *files); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:572:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (emsg, data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1023:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (buf, "%s\tiyy\n", type_decl[TY_INT]); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1050:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s\tdp(%d)\n", type_decl[XTY_INT], ntasks + 1); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1052:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s\tdict(%d)\n", type_decl[XTY_CHAR], data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1075:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lbuf, "\t call %s\n", task_list[i].proc_name); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1441:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sp, yytext); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1454:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lbuf, "%s\t%s(%d)\n", type_decl[XTY_CHAR], s->str_name, data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1495:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (outbuf, "\'%s\'", strbuf); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:76:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (irafdefs, p); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:103:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (v_pkgenv, pkgenv); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:111:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (irafdefs, vfn2osfn (IRAFDEFS,0)); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:164:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname[0], argv[i]); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:276:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (newpath, "%s%s", dname(path), dir); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:277:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (newpath, dname(newpath)); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:351:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fh.name, path); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:352:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (fh.name, fname); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:357:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (fh.name, dname(fh.name)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:537:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf (stderr, s, ap); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:575:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf (stderr, s, ap); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:616:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("%s "), symnam (j)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:742:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("\n%s: "), nontrst[i].name); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:839:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:1005:14: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:1135:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("\t%s"), writem (u->pitem)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:249:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). cp = strcpy (cp, optarg); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1029:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fdebug, WSFMT ("\t\"%s\",\t%d,\n"), data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1041:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fdebug, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1044:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fsppout, WSFMT ("define\t%s\t\t%d\n"), data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1047:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fdefine, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1434:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (faction, WSFMT (".%s"), typeset[tok]); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1480:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (faction, WSFMT (".%s"), typeset[tok]); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1595:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void) strcpy (lhstext, s); /* don't worry about too long of a name */ data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1717:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fdebug, WSFMT ("\t\"%s :%s\",\n"), lhstext, rhs); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:111:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:306:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("%s: gotos on "), nontrst[c].name); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:308:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("%s "), nontrst[i].name); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:345:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:471:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("\t%s\n"), writem (pp->pitem)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:477:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
(void) fprintf (foutput, WSFMT ("\t%s\n"), writem (u->pitem)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:483:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, WSFMT ("\n\t%s "), symnam (j0)); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:505:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:515:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (fsppout, WSFMT ("define\t%s\t\t%d\n"), s, n); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y3.c:558:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf (foutput, data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:87:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, *s); data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:97:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(*fmt == ' ' ? " --" : "--"); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:125:10: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. Cray1 = printf(emptyfmt) < 0 ? 0 : 4617762; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:126:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
  if (printf(emptyfmt, Cray1) >= 0)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:128:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (printf(emptyfmt, Cray1) >= 0)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:17:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  extern char *strcpy();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/err.c:143:36: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Help! How does fstat work on this system?
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/err.c:167:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, f__curunit->ufnm ? "named %s\n" : "(unnamed)\n",
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/inquire.c:35:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  x = access(buf,0) ? -1 : 0;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:110:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, fmt, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:113:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  return sprintf(buf, fmt, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:137:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(b, LGFMT, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:15:14: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  extern char *mktemp();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:207:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(buf,0))
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:216:10: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  (void) mktemp(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:237:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(buf,0))
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:252:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(b->ufnm,buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:29:14: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  extern char *mktemp(char*);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/system_.c:35:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  rv = system(buff);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:163:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(z, ebuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:449:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(dfile, datafmt, varname, offset, type);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:36:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf,s,t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:50:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:83:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:98:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:112:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, s, t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:164:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "Declaration error for %s: %s", v->fvarname, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:183:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "Execution error %s", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:184:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf2, buf1, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:216:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, t, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:231:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buff, t, d);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:247:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "Impossible %s %d in routine %s", thing, t, r);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:318:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:349:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s function %.90s invoked as subroutine",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:203:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%s constant '%.60s' truncated.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:206:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%s constant '%.*s' truncated.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1102:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wbuf, "%s%s%s\n\t%s%s%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:896:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  addrp->user.Charp = strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:981:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(this_proc_name, storage);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2004:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name = buf, "%s%d", E->cextname, E->curno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2404:6: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  k = fscanf (infile, "%s", buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2408:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*result = mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:109:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ovarname, varname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:864:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, chr_fmt[uk], uk);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:806:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(c->user.ident, "(ftnlen)sizeof(%s)", Typename[type]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:911:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(t, "%s_fmt", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1328:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(q->user.ident, "%s.%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1426:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s%s%s%s", comm->cextname, buf,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1433:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s = mem(k+2,0), "%s+%s", s1, buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1448:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s1, "(char *)%s%s", p->isarray ? "" : "&", s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:361:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp+k, name);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:370:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:381:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name+j, name0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:813:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infname1, bend);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1558:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1695:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cbnext, str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:165:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(s1, sf[t], t);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:180:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(mem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:218:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%ld", pfx, n);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:220:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:246:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(d->defname, s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:248:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(d->defname + n1, s2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:454:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "\"%.35s%s\" over 6 characters long", s0,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:458:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  q->fvarname = strcpy(mem(c,0), s0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:563:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  nextext->fextname = strcpy(gmem(strlen(f)+1,0), f);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:566:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  : strcpy(gmem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:93:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case TYLOGICAL: strcpy(buff, Typename[type]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:156:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf, fmt, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:292:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf, fmt, (litp -> litval.litival
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:679:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, Lfmt[shiftcase], stateno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:681:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "L_%s", extsymtab[-1-stateno].fextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:706:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (pointer, "%s__%d", prefix, num);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:726:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (pointer, "%s_%d", EQUIV_INIT_NAME, memno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:756:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(outbtail, "%scom.c", ext->cextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:113:34: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  #define SPRINTF(x,a,b,c,d,e,f,g) sprintf(x,a,b,c,d,e,f,g)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:117:34: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  #define SPRINTF(x,a,b,c,d,e,f,g) vsprintf(x,a,ap)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/niceprintf.c:416:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, gflag1 ? "\"\\\n" : "\"\n");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:900:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, chr_fmt[k], k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1403:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, fl_fmt_string, x);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1419:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, db_fmt_string, x);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1421:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:343:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cbuf,buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:93:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%.90s: inconsistent declarations:\n\
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:121:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t, s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:141:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(a->user.ident, "(*ret_val).%s",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:200:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(base, "%s0_", e->enamep->cvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:444:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (main_alias, progname->cextname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:488:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(badname, "%s_bad%d", v->fvarname, ++nbad);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:490:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"%s\n\tsubstituting \"%s\"",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:790:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (np -> vleng -> addrblock.user.ident,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1132:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  namep->fvarname = strcpy(gmem(strlen(namep->fvarname)+1,0),
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1135:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  ? strcpy(gmem(strlen(namep->cvarname)+1,0), namep->cvarname)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1702:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "dimension %d of %s is not an integer.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1743:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, " %s_dim%d", v->fvarname, i+1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1786:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, " %s_offset", v->fvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:543:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "Computing %ld%s power", k,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1333:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s variable", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1344:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s function", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1350:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s argument", ftn_types[k]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1390:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%.90s,\n\targ %d: %s%s%s %s.",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1476:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:2073:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comment_buf, "Computing M%s", what);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:176:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(c_functions, "%s%sfunc", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:177:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(initfname, "%s%srd", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:178:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(blkdfname, "%s%sblkd", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:179:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p1_file, "%s%sp1f", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:180:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p1_bakfile, "%s%sp1fb", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:181:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sortfname, "%s%ssort", t, f2c);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:236:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(c_functions, "%s/f2c%ld_func", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:237:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(initfname, "%s/f2c%ld_rd", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:238:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(blkdfname, "%s/f2c%ld_blkd", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:239:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p1_file, "%s/f2c%ld_p1f", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:240:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p1_bakfile, "%s/f2c%ld_p1fb", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:241:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sortfname, "%s/f2c%ld_sort", tmpdir, pid);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:243:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(initbname, "%s.b", initfname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:270:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outbtail, b);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:569:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, outbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:597:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "sort <%s >%s", from, to);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:598:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return system(buf) >> 8;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:118:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "_%s", extsymtab[mem].cextname);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:182:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%s%d.gif", root, index);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:184:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%s.gif", root);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:248:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:250:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:338:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (out, DEV_FRAME);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:529:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, pw->pw_name);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:532:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "NOAO/IRAF %s@%s %s",
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:217:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (progname, argv[0]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:250:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:252:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:343:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (out, DEV_FRAME);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:202:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (buf_rast, DEV_RAST, n1);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:221:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, DEV_VECT, x, y);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:143:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[++argno]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:145:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (penparam, argv[argno]+2);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:129:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (penparam, argv[++argno]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:131:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (penparam, argv[argno]+2); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:290:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (obuf, opcode); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:49:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (translator, argv[1]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:53:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tpath, "%s", irafpath(translator)); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:55:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (tpath, X_OK) == ERR) { data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:65:2: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv (tpath, &argv[1]); data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:19:28: [4] (race) access: This usually indicates a security flaw. 
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define READ_ONLY 1 # file access modes
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:123:50: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # Name conversions (to avoid conflicts with host system). Must agree with
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:126:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define access xfaccs
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:136:8: [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  define mktemp xmktep
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:140:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  define printf xprinf
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:148:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  define strcat xstrct
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:150:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  define strcpy xstrcy
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:19:28: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define READ_ONLY 1 # file access modes
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:124:50: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # Name conversions (to avoid conflicts with host system). Must agree with
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:127:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  define access xfaccs
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:137:8: [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  define mktemp xmktep
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:141:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  define printf xprinf
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:149:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  define strcat xstrct
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:151:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  define strcpy xstrcy
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:1:43: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  # KNET.H -- Include in source files which access the IRAF kernel if network
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:3:31: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # in such source files. If a system is to be configured without networking
data/iraf-2.16.1+2018.11.01/unix/hlib/knet.h:5:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  # before compilation of the system libraries.
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:66:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define fprintf u_fprintf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:73:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define fscanf u_fscanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:82:9: [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  #define mktemp u_mktemp
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:84:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf u_printf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:91:9: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define scanf u_scanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:95:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define sprintf u_sprintf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:96:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define sscanf u_sscanf
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:97:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  #define strcat u_strcat
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:101:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define strcpy u_strcpy
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:107:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  #define system u_system
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:147:17: [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  extern char *mktemp (char *template);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:151:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  extern char *sprintf (char *str, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:152:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  extern char *strcat (char *s1, char *s2);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:154:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  extern char *strcpy (char *s1, char *s2);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:240:12: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  extern int fscanf (struct _iobuf *fp, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:247:12: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  extern int scanf (char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:249:12: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  extern int sscanf (char *str, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:252:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern int system (char *cmd);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:307:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void fprintf (struct _iobuf *fp, char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:311:13: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void printf (char *format, ...);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:1957:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern integer mwnewm_(integer *mw, shortint *system, integer *ndim);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:1968:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern integer mwssym_(integer *mw, shortint *system);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:2408:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern integer skinpt_(shortint *label, shortint *system, integer *ctype, integer *radecs, doublereal *equinx, doublereal *epoch);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:2409:64: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern integer skinwe_(integer *fd, shortint *label, shortint *system, integer *ctype, integer *radecs, doublereal *equinx, doublereal *epoch);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/vosproto.h:3436:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  extern integer mwfins_(integer *mw, shortint *system);
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:220:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fp->f_name, "/dev/%s", fname);
data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:222:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fp->f_name, "/dev/rmt/%s", fname);
data/iraf-2.16.1+2018.11.01/unix/os/getproc.c:24:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "/proc/%s", direntp->d_name);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:40:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)ldir, ULIB);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:55:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:56:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:72:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)hostdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:76:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:77:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:81:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)hostdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:83:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:84:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:89:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:91:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, irafarch);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:93:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:94:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:99:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:101:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:102:6: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:106:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:108:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:109:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (pathname, 0) == 0)
data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:35:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hostdb, (char *)osfn);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:27:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn, fname);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:96:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)text, TTYNAME);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:154:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)temp, subdir);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:160:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat ((char *)pkname, fname);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:259:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)pkname, ldir);
data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:286:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (osfn, (char *)valstr);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:217:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, uname);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:221:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (prompt, "Login name (%s@%s): ", username, node);
data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:234:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (prompt, "Password (%s@%s): ", username, node);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:112:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (o_mtdev, argv[1]);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:129:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system (tp+1);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:169:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (logfile, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:197:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mtdev, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:199:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mtdev, o_mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:201:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mtdev, token);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:211:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lbuf, "cannot open device %s\n", mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:216:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lbuf,
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:219:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (o_mtdev, mtdev);
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:421:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (prompt, "(%s) ", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:63:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)cmd, irafpath(ALLOCEXE));
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:64:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat ((char *)cmd, *allflg ? " -a " : " -d ");
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:65:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat ((char *)cmd, (char *)aliases);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:103:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (devname, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:110:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (devname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:111:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (devname, &dev[1]);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:115:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (devname, "/dev/%s", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:116:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (devname, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:117:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (devname, "/dev/rmt/%s", dev);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:196:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)cmd, irafpath(ALLOCEXE));
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:198:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat ((char *)cmd, aliases);
data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c:60:16: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  accessible = (access ((char *)fname, acmode) == 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfchdr.c:42:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (oscwd, dirname);
data/iraf-2.16.1+2018.11.01/unix/os/zfgcwd.c:40:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (oscwd, dirname);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:109:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access ((char *)osfn, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:487:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "access %s %s\n", realpath(fname,pathname), modestr);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:557:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buf, "delete %s\n", realpath(fname,pathname));
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:587:3: [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name.
  The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  getlogin(), username, cmd, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:616:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (callback_cmd, "%s callback %d@%s",
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:624:3: [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  getlogin(), username, callback_cmd, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:766:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (command, "%s in.irafksd", cmd);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:771:8: [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  getlogin(), username, command, 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:797:7: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp (rshcmd, rshcmd,
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1335:6: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (debug_fp, fmt, vargs);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1418:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, username);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1457:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (loginname, np->login);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1459:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (loginname, username);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1470:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (password, namep);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1474:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (password, np->password);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1601:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1603:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, IRAFHOSTS);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1605:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, pwd->pw_name);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1628:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pathname, (char *)irafdir);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1629:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pathname, HOSTLOGIN);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1682:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lbuf, op);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1724:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1730:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1735:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (op, word);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1859:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, q ? " \"%s\"" : " %s", np->login);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1864:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (fp, q ? " \"%s\"" : " %s", np->password);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1912:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (prompt, "Password (%s@%s): ", user, host);
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:133:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lpr.spoolfile, dpr.spoolfile);
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:180:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)out,
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1054:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (path, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1055:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (path, &dev[1]);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1062:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (path, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1069:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (path, dev);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1116:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mp->iodev, device);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1813:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (obuf, SZ_LINE, argsformat, ap);
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:187:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (osfn, (char *)pk_osfn, getuid(), getuid());
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:540:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (np->path1, 0) < 0) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:546:7: [4] (race) access: This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (np->path2, 0) < 0) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:124:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pltr.spoolfile, dpltr.spoolfile);
data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:171:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)out,
data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:76:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access ((char *)osfn, 1) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:151:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl ((char *)osfn, (char *)osfn, "-c", (char *) 0);
data/iraf-2.16.1+2018.11.01/unix/os/zfioty.c:44:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)ttyname, TTYNAME);
data/iraf-2.16.1+2018.11.01/unix/os/zfioty.c:46:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)ttyname, (char *)osfn);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:43:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (link_name, (char *)fname);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:52:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (link_name, PREFIX);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:53:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (link_name, &((char *)fname)[first]);
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:55:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access ((char *)fname, 0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:91:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
  Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(link_name,0) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:131:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:137:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:143:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(lpath, rpath);
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:86:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (os_process_name, argv[0]);
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:154:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn_bkgfile, argv[arg]);
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:48:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access ((char *)osfn, 1) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:51:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access ((char *)bkgfile, 4) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:132:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl ((char *)osfn, (char *)osfn, "-d", (char *)bkgfile,
data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:140:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl (shell, shell, "-c", cmd, (char *) 0);
data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:40:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (msg, os_process_name);
data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:42:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (msg, (char *)errmsg);
data/iraf-2.16.1+2018.11.01/unix/os/zzsetk.c:30:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (os_process_name, ospn);
data/iraf-2.16.1+2018.11.01/unix/os/zzsetk.c:31:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *)osfn_bkgfile, osbfn);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:273:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(((*fptr)->Fptr)->filename, url); /* full input filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:440:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(textlist, extlist);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:646:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:708:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(histfilename, outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:717:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filtfilename, outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:760:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(origurltype,urltype); /* Save the urltype */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:896:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(((*fptr)->Fptr)->filename, url); /* full input filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1106:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1157:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1193:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1259:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, filtfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1301:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1341:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, histfilename); /* the original outfile name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1524:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cwd,tmpinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1529:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1559:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cwd,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1563:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oldinfile,tmpStr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2066:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(colname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2094:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(colname+1,oldname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2112:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(testname, colname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2125:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(colname,oldname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2154:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(colname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2257:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oldname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2330:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oldname, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2353:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(colformat, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3421:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3459:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3484:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(token, tstbuff);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3882:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4031:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(((*fptr)->Fptr)->filename, url); /* full input filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5310:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infilex, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5354:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(infile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5479:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, &infile[ii + 1]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5495:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infilex, infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5575:18: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(infilex, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5597:18: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rowfilterx, tmptr + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5627:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5794:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5809:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rowfilter, ptr2 + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5819:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rowfilter, ptr3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5866:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(binspec, ptr1 + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5887:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, ptr2+1); /* copy any chars after the binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5888:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr1, tmpstr); /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5960:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, ptr2 + 1); /* copy any chars after the colspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5961:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr1, tmpstr); /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6047:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, ptr2 + 1); /* copy any chars after the pixel filter */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6048:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr1, tmpstr); /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6076:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(compspec, ptr1 + 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6097:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, ptr2+1); /* copy any chars after the binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6098:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr1, tmpstr); /* overwrite binspec */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6115:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rowfilterx, rowfilter+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6283:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(infile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6374:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rootname, urltype); /* construct the root name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6375:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(rootname, infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6472:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile, ptr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6679:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpname, extname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6873:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(urlType, driverTable[fptr->Fptr->driver].prefix);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6937:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( lines+totalLen, line );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:202:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(chkcomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:204:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(datacomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:338:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(chkcomm, datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:208:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tempname, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:209:18: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tempname, filename+1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:216:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tempname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:238:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tempname, pwd->pw_dir);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:239:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(tempname, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:266:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tempname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:344:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(rootstring, cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:349:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(rootstring2, cpos);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:382:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(userroot, rootstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:383:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(userroot, username);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:387:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(userroot2, rootstring2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:388:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(userroot2, username);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:748:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, cptr); /* switch the names */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:772:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tmpfilename,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:777:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename,tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:782:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:786:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:790:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:794:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:798:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename, tmpfilename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:802:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(filename,tmpfilename); /* restore original name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:862:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(file_outfile,outfile+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:864:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(file_outfile,outfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:766:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(userpass, url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:827:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:838:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:846:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(tmpstr,tmpstr1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:862:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(recbuf,"%s %d",tmpstr,&status);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:905:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(turl, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:929:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(url, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:950:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(url, scratchstr2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:977:5: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(recbuf,"%s %d",tmpstr,&tmpint);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:994:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(contentencoding,scratchstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1242:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(urlname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1284:12: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(urlname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1325:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(urlname, filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1867:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(turl,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2027:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2036:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2045:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2054:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2147:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(turl,filename);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2309:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2318:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2327:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2336:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(ip,tstr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2519:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(urlcopy,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2582:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(host,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2603:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(host,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2621:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(fn,urlcopy);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2646:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2648:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2662:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2664:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2686:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2699:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2734:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2745:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2758:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2785:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2794:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2806:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2838:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2890:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2892:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2926:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2932:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2940:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2946:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2952:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newinfile,infile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2957:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(infile,newinfile);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2970:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1+7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2972:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(netoutfile,outfile1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3058:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(localhost,host);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3370:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(turl,url);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3391:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(recbuf,getenv("ROOTUSERNAME"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3424:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(recbuf,getenv("ROOTPASSWORD"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3459:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(recbuf,fn);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3461:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(recbuf,rwmode);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1105:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tfm, tform[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1214:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tfm, tform[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1978:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tforms[icol], tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1979:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ttypes[icol], ttype);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:879:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(gParse.expr,expr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1256:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char**)Data)[jj], result->value.data.str );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1260:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char**)Data)[jj], result->value.data.strptr[jj] );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1279:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char**)Data)[jj], result->value.data.str );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1284:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char**)Data)[jj],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1287:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char**)Data)[jj],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2027:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( ((char **)gParse.colData[parNo].array)[currelem],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2460:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( thelval->str , keyvalue );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1028:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_0);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1031:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1034:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1037:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1040:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1043:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_5);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1046:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_6);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1049:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1053:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,OCT_X);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1058:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( fflval.str, bitstring );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1092:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_0);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1095:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1098:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1101:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1104:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1107:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_5);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1110:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_6);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1113:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_7);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1116:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_8);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1119:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_9);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1123:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_A);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1127:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_B);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1131:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_C);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1135:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_D);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1139:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_E);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1143:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_F);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1147:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(bitstring,HEX_X);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1153:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy( fflval.str, bitstring ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1377:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define FFFPRINTF fprintf data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4984:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[elem ], data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4988:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[elem ], data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5042:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.str, sptr1 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5043:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( this->value.data.str, sptr2 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5110:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[rows], sptr1 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5111:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( this->value.data.strptr[rows], sptr2 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5192:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.str, sptr1 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5193:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( this->value.data.str, sptr2 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5267:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[rows], sptr1 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:5268:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( this->value.data.strptr[rows], sptr2 ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6033:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pVals[i].data.str, theParams[i]->value.data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6058:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(this->value.data.str, pVals[0].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6111:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.str,pVals[0].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6207:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.str, pVals[0].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6224:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.str, pVals[0].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6277:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.str, ( pVals[2].data.log ? data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6783:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pVals[i].data.str, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6788:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.strptr[row],pVals[1].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6791:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(this->value.data.strptr[row],pVals[0].data.str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7462:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pVals[i].data.str, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7468:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[row], data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7472:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( this->value.data.strptr[row], data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:271:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B2,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:293:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B2,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:319:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B3,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:344:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B3,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:369:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B3,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:401:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(B3,str); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:195:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,(fptr->Fptr)->filename); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:774:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(errmsg, txtbuff[0]); /* copy oldest message to output */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1074:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(card, tmpname); /* copy keyword name to buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1088:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(card, tmpname); /* copy keyword name to buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1131:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(card, tmpname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1318:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(keyname, keyroot); /* copy root string to name string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1326:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(keyname, suffix); /* append suffix to the root */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1352:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(keyname, keyroot); /* append root to the prefix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1390:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(comm, &card[8]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1418:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(comm, &card[8]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1447:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(comm, &card[8]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1556:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm, &card[ii]); /* copy the remaining characters */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1756:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(card, keyname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1809:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tvalue, value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2080:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outrec, inrec); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2560:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outrec, inrec); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2648:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temp, &tform[ii]); /* copy format string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2810:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp, &tform[ii]); /* copy format string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3011:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp, &tform[ii]); /* copy format string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3185:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&cform[1], &tform[ii + 1]); /* append the width and decimal code */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3230:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&cform[1], &tform[ii + 1]); /* append the width and decimal code */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3341:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname, colptr->ttype); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3354:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(colname, colptr->ttype); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3385:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname, colptr->ttype); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3979:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype, colptr->ttype); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3985:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform, colptr->tform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3994:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tnull, colptr->strnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4087:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype, colptr->ttype); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5253:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colptr->ttype, tvalue); /* copy col name to structure */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5587:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform, colptr->tform); /* value of TFORMn keyword */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5588:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(snull, colptr->strnull); /* null value for ASCII table columns */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6684:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newform, tform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6686:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newform,lenval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9513:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outstr, instr); /* no leading quote, so return input string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9583:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tval, cval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9659:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tval, cval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:192:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, earray[jj]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:206:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, earray[jj]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:259:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, darray[jj]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:273:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, darray[jj]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:316:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(array[ii],"%*s",dwidth,tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:374:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(array[ii],"%*s",dwidth,tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:525:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(array[ii],"%*s",dwidth,tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:530:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, (int) darray[ii]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:532:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpstr, 400,cform, darray[ii]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:890:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(array[ii], nulval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:268:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(card, keybuf); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:780:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(unit, &comm[1]); /* copy the string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:940:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(*value, valstring); /* append the continued chars */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1044:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tempstring, valstring); /* append the continued chars */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3469:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(headptr, keybuf); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1105:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(keyvalue,tkeyvalue); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1229:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(location,url[i]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1482:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memberFileName,memberLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1483:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memberAccess1,memberAccess2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1541:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memberLocation,memberFileName); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1545:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memberLocation,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1554:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(memberLocation,memberFileName); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1570:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(groupLocation,groupFileName); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1574:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(groupLocation,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1584:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(groupLocation,groupFileName); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1611:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(memberFileName,memberLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1612:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(groupFileName,groupLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1783:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grplc,tgrplc); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1804:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1813:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp,groupLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1824:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1833:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp,groupLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2461:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(cwd,grpLocation1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2462:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grpLocation1,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2481:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrLocation2,mbrLocation3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2531:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwd,grpLocation2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2532:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grpLocation2,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2550:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrLocation2,mbrLocation3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3164:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grpLocation3,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3173:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(grpLocation3,grpLocation1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3180:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grpLocation3,cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3189:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(grpLocation3,grpLocation2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3250:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(grplc,tgrplc); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3300:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(grpLocation3,grplc); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3684:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],xtension); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3685:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],xtenTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3690:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttype[i],name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3691:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],nameTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3696:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],version); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3697:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],verTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3702:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],position); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3703:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],posTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3708:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],location); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3709:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tform[i],locTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3714:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],URI); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3715:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],URITform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3724:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],xtension); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3725:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],xtenTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3730:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3731:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],nameTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3736:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttype[i],version); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3737:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],verTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3746:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],position); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3747:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],posTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3756:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],xtension); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3757:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],xtenTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3762:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3763:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tform[i],nameTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3768:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],version); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3769:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],verTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3774:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],position); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3775:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i], posTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3785:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],xtension); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3786:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],xtenTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3791:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ttype[i],name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3792:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],nameTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3797:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],version); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3798:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],verTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3803:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],location); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3804:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],locTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3809:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],URI); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3810:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tform[i],URITform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3819:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],position); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3820:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],posTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3825:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],location); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3826:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],locTform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3831:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttype[i],URI); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3832:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tform[i],URITform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4144:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(cwd,tmpLocation); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4150:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpLocation,location); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4221:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrLocation1,tmpPtr[0]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4253:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwd,mbrLocation1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4270:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwd,mbrLocation2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4282:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrLocation2,mbrLocation1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4302:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwd,grpLocation1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4318:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(mbrLocation1,mbrLocation3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4344:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwd,grpLocation2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4360:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrLocation2,mbrLocation3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4864:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(newFileName != NULL) strcpy(newFileName,HDU->newFilename[i]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4894:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HDU->filename[i],filename2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4895:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HDU->newFilename[i],filename2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4954:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HDU->newFilename[i],newFileName); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5046:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff,inpath+1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5050:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff,inpath); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5413:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff,inpath); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5444:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,buff); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5448:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outpath,buff); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5471:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5523:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5557:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5570:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5577:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5583:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5608:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outpath,tmpStr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5624:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outpath,buff); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5733:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr4,tmpStr3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5736:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,tmpStr2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5756:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(strlen(outfile)) strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5767:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(infile,tmpPtr+3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5768:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5773:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(infile,tmpPtr+3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5774:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr2,infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5837:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5838:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr2,infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5848:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5858:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5868:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5888:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr2,infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6010:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(realAccess != NULL) strcpy(realAccess,tmpStr3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6011:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(startAccess != NULL) strcpy(startAccess,tmpStr4); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6090:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outURL, inURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6127:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outURL, tmp); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6341:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(relURL,absURL+abscount); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6394:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpStr,refURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6432:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpStr,relURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6515:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpStr,relURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:138:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p2, extname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:177:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p2, extname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:539:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cp, p2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:546:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cp, fname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:567:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, ngp_master_dir); /* construct composite pathname */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:568:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(p, fname); /* comp = master + fname */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:893:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ngph->tok[ngph->tokcnt].value.s, newtok->value.s); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:216:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(minname[ii], minname[0]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:217:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(maxname[ii], maxname[0]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:218:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(binname[ii], binname[0]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:401:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname, token+1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:404:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname, token); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:439:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(binname, token); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:462:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(minname, token); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:487:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(maxname, token); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:517:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(binname, token); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:906:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpref[1], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:920:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpref[2], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:934:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpref[3], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:984:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname[ii], cpref[ii]); /* try using the preferred column */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1583:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpref[1], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1597:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(cpref[2], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1611:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpref[3], cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1633:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(colname[ii], cpref[ii]); /* try using the preferred column */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:940:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pixfilename,bang+1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:942:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pixfilename,pixname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1334:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (val, value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1376:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1513:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  strcpy (cval,v1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1530:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cval,cpar);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:997:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1005:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1042:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1050:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1087:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1095:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1132:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1140:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1437:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1445:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1474:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1482:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1512:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1520:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1549:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1557:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:1006:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:1018:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:1060:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:1072:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:1074:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:1086:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:979:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:991:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:992:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:1004:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:2005:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:2017:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:1009:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:1021:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:965:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:977:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:958:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:970:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:966:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:978:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1942:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1954:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:983:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, (double) input[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:995:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(output, cform, dvalue);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:760:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:768:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:801:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:809:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:842:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:850:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:883:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:891:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, tmpstring);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:934:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(valstring, cptr); /* append the fraction to the integer */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1021:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(card, date);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1023:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(card, tmzone);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2072:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tdimstr, value); /* append the axis size */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2175:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tdimstr, value); /* append the axis size */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2567:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tfmt, tform[ii]); /* required TFORMn keyword */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2692:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tfmt, tform[ii]); /* required TFORMn keyword */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:459:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:465:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:471:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:477:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:484:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:490:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:497:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:504:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:511:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:567:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:573:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:581:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:587:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:595:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:602:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:609:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:616:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:658:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(keyname, alt);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:199:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:201:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define vsnprintf _vsnprintf
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:248:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:249:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:250:40: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:251:48: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:252:49: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:247:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (dir, F_OK) < 0)
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:249:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (dir, W_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:499:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (aclist[num].url, acref);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:500:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (aclist[num].fname, "%s%u", base,
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:524:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (infile, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:641:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (lockfile, ".%s.LOCK", ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:642:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dot, ".%s", ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:644:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (lockfile, F_OK) == 0 && access (dot, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:644:41: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (lockfile, F_OK) == 0 && access (dot, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:648:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access (lockfile, F_OK) == 0 && access (dot, F_OK) == 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:648:48: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access (lockfile, F_OK) == 0 && access (dot, F_OK) == 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:652:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access (lockfile, F_OK) < 0) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:662:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fname, "%s.%s", ofname, extn);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:664:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fname, ofname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:727:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (new, "%s.fits", fname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:255:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comment, "%s id attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:264:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comment, "%s name attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:274:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comment, "%s val attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:284:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (comment, "%s unit attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:368:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:399:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:430:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:55:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(col[i].name, name);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:58:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(col[i].ucd, ucd);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:84:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (attr->name, name_m);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:89:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (attr->name, name_m);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:159:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (out, attr->name);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:161:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (out, attr->value);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:188:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (XML_out, "</%s>", vot_elemName (e));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:203:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  #define outstr(s) strcat(XML_out,s);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:282:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (req_attr, ablock->req);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:285:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access (arg, R_OK) == 0) { /* input from file */
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2136:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cname, atest);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2789:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access (oname, F_OK) == 0) /* remove an existing file */
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2931:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (extname, tname);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2997:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (comment, "%s name attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3007:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (comment, "%s val attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3017:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (comment, "%s id attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3027:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (comment, "%s unit attribute", meta);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3123:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3153:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3184:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3214:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy (cell, data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3272:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (cmd,
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3276:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
system (cmd);
data/iraf-2.16.1+2018.11.01/math/slalib/rtl_random.c:30:7: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand(*iseed);
data/iraf-2.16.1+2018.11.01/noao/digiphot/apphot/lib/apphotdef.h:34:50: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
define AP_SEQUENTIAL Memi[$1+21] # Sequential or random access
data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h:68:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
define PCOUNT Memi[$1+12] # Number of random parameters
data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/wfits.h:101:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
define KEY_PCOUNT 2 # Number of random parameter
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:39:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
extern char *getenv(const char *);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:305:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ip = getenv("IRAFULIB")))
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:358:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ip = getenv("IRAFULIB")))
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:220:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
while ((c = getopt (argc, argv, "vVdltp:Q:Y:P:b:")) != EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:4:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
extern char *F77_aloc(), *getenv();
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:42:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ep = getenv(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:50:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ep = getenv(fp);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:203:18: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
if (!(tmpdir = tmpnam(tdbuf))) {
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:157:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
define getopt xgtopt
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:158:9: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
define getopt xgtopt
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:50:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
#define getenv envget
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:88:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ( (irafarch = getenv("IRAFARCH")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:81:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
char *gettok(), *getenv();
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:196:35: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (!o_mtdev[0] && (token = getenv ("TAPE")))
data/iraf-2.16.1+2018.11.01/unix/os/zawset.c:41:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
int debug = (getenv(ENV_DEBUG) != NULL);
data/iraf-2.16.1+2018.11.01/unix/os/zawset.c:79:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ( (s = getenv ("MAXWORKSET")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/zfaloc.c:67:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ( (s = getenv ("ZFALOC")) ) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:487:34: [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
sprintf (buf, "access %s %s\n", realpath(fname,pathname), modestr);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:557:31: [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
sprintf (buf, "delete %s\n", realpath(fname,pathname));
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:687:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((argp = getenv (ENV_VMPORT)))
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:693:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((argp = getenv (ENV_VMCLIENT))) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:679:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((nretryp = getenv(KS_RETRY)))
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:744:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv (KS_RETRY) && nretries--) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:757:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv (KS_NO_RETRY) || ntries++) {
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:793:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rshcmd = (s = getenv(KSRSH)) ? s : RSH;
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1547:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((authp = getenv(KSAUTH)) && (auth = atoi(authp)))
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:35:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ip = getenv ((char *)envvar)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:93:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
return (getenv(envvar));
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:112:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
lpath = getenv("TMPDIR");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:127:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rpath = getenv("CPPFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:133:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rpath = getenv("CFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:139:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rpath = getenv("iraf");
data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:152:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rpath = getenv("LDFLAGS");
data/iraf-2.16.1+2018.11.01/unix/os/zgtime.c:35:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:117:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv (LOGIPC)) {
data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:61:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
} else if ((shell = getenv ("SHELL")) == NULL)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:202:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
cptr = getenv("HOME");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:328:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
cptr = getenv("HERA_DATA_DIRECTORY");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:780:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
proxy = getenv("http_proxy");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1258:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
verify = getenv("CFITSIO_VERIFY_HTTPS");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3385:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (NULL != getenv("ROOTUSERNAME")) {
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3386:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (strlen(getenv("ROOTUSERNAME")) > MAXLEN-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3391:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
strcpy(recbuf,getenv("ROOTUSERNAME"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3418:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (NULL != getenv("ROOTPASSWORD")) {
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3419:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (strlen(getenv("ROOTPASSWORD")) > MAXLEN-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3424:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
strcpy(recbuf,getenv("ROOTPASSWORD"));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:180:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (NULL != (p = getenv(SHARED_ENV_KEYBASE))) shared_kbase = atoi(p);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:185:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (NULL != (p = getenv(SHARED_ENV_MAXSEG))) shared_maxseg = atoi(p);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2608:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
DEBUG_PIXFILTER = getenv("DEBUG_PIXFILTER") ? 1 : 0;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:528:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
envar = getenv("CFITSIO_INCLUDE_FILES"); /* scan env. variable, and retry to open */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/simplerng.c:62:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand(seed);
data/iraf-2.16.1+2018.11.01/include/drvrsmem.h:85:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
{ char ID[2]; /* ID = 'JB', just as a checkpoint */
data/iraf-2.16.1+2018.11.01/lib/finfo.h:5:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define FI_SZOWNER 15 # char ownerid[FI_SZOWNER]
data/iraf-2.16.1+2018.11.01/lib/fio.h:44:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
# (open)
data/iraf-2.16.1+2018.11.01/lib/fio.h:48:57: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
# Channel descriptor (stored in fd if file not multiply open). The DEVPAR
data/iraf-2.16.1+2018.11.01/lib/fio.h:73:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define FF_KEEP 40B # keep file open after task quits?
data/iraf-2.16.1+2018.11.01/lib/fio.h:120:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define STRING_FILE (-1) # open a string as a file
data/iraf-2.16.1+2018.11.01/lib/fmset.h:5:48: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define FM_FCACHESIZE 2 #RW number of files in open file cache
data/iraf-2.16.1+2018.11.01/lib/fset.h:24:41: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define F_FILEWAIT 18 # is file wait on open enabled [y/n]
data/iraf-2.16.1+2018.11.01/lib/fset.h:36:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define F_OPEN 30 #r is file open
data/iraf-2.16.1+2018.11.01/lib/gio.h:125:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define GL_AXISLABELSIZE Memr[P2R($1+8)] # char size of axis labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:126:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define GL_AXISLABELCOLOR Memi[$1+9] # char size of axis labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:137:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define GL_TICKLABELSIZE Memr[P2R($1+20)] # char size of tick labels
data/iraf-2.16.1+2018.11.01/lib/gio.h:138:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define GL_TICKLABELCOLOR Memi[$1+21] # char size of tick labels
data/iraf-2.16.1+2018.11.01/lib/imset.h:17:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define IM_IMAGENAME 15 # name of open image section
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:443:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDd2tf ( int ndp, double days, char *sign, int ihmsf[4] ) {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:469:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
slaDr2tf( int ndp, double angle, char * sign, int ihmsf[4] ) {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:495:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
slaDr2af( int ndp, double angle, char * sign, int idmsf[4] ) {
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:1644:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDeuler ( const char *order, double phi, double theta, double psi,
data/iraf-2.16.1+2018.11.01/math/slalib/sla.c:2289:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaPreces ( const char sys[3], double ep0, double ep1,
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char telname[41];
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:65:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char telshort[11];
data/iraf-2.16.1+2018.11.01/math/slalib/slaTest.c:94:31: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
h = -1.0; w = 0.0; p = 0.0; strcpy( telshort, "unknown" );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:85:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaCd2tf ( int ndp, float days, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:93:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaCr2af ( int ndp, float angle, char *sign, int idmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:95:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaCr2tf ( int ndp, float angle, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:129:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDd2tf ( int ndp, double days, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:134:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDeuler ( const char *order, double phi, double theta, double psi,
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:159:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDr2af ( int ndp, double angle, char *sign, int idmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:161:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaDr2tf ( int ndp, double angle, char *sign, int ihmsf[4] );
data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:240:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void slaEuler ( const char *order, float phi, float theta, float psi, data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:338:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void slaOapqk ( const char *type, double ob1, double ob2, double aoprms[14], data/iraf-2.16.1+2018.11.01/math/slalib/slalib.h:393:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void slaPreces ( const char sys[3], double ep0, double ep1, data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[2*SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:193:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp, format[MAX_DIGITS]; data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:203:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
newnum = atoi(cp) + (int)VALU(&o2); data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:204:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (format, "%%0%dd", strlen (cp)); data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:215:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cp, "%d", (int)VALU(&o2)); data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:224:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s2[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:266:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (res, "%r*", o2.o_val.v_i, lval); data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkgmsg[SZ_BKGMSG+1]; /* passed to kernel */ data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char b_cmd[SZ_CMD+1]; /* command entered by user */ data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clprocess[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:177:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:178:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "Start [%d]", jobno); data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:383:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:384:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "Stop [%d]", job); data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:398:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bkg_query_file[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:399:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_response_file[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:415:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkg_query_file[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_response_file[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[SZ_DEVNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfilename[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:424:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cd_curr[SZ_PATHNAME]; /* current directory */ data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:425:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cd_prev[SZ_PATHNAME]; /* previous directory */ data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:478:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirname[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:540:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:543:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buf, "ERROR: "); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1047:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1336:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[SZ_VALUE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sttycmd[2048], args[1024], *argp[100]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oscmd[1024], args[1024], *argp[100], *ap; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1559:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1621:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1621:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1626:28: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!c_mktemp ("tmp$ft", tmpfile, SZ_PATHNAME)) data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1627:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmpfile, "tmp$ft.out"); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1627:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). strcpy (tmpfile, "tmp$ft.out"); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1628:23: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1628:45: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_oscmd (oscmd, in, tmpfile, append_all ? 
tmpfile : err); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1633:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (tmpfile, "r")) != NULL && data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1633:20: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if ((fp = fopen (tmpfile, "r")) != NULL && data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1634:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (outfp = fopen (out, "a")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1643:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_delete (tmpfile); data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1913:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char oscmd[SZ_LINE], os_filelist[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1914:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1957:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1958:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2021:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2022:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2083:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/clprintf.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[SZ_PATHNAME], errfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:54:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (outfile, "r")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:62:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (errfile, "r")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c:349:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
while ((fp[fn] = fopen (fname, "r")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c:411:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_COMMAND], obuf[SZ_COMMAND]; data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[PF_MAXLIN+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:797:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[PF_MAXLIN+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ed_editorcmd[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char editor[SZ_FNAME]; /* the name of the editor */ data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[SZ_LINE];/* an edcap string from the .ed file */ data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[SZ_LINE]; /* the key-sequence label (keyword) */ data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escape[SZ_LINE];/* the escape sequence in c octal */ data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_LINE]; /* the keystroke name, for HELP */ data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:124:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen (fname, "r"); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:128:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_string[9]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:337:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[MAX_COMMANDS*COLWIDTH]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *strp[MAX_COMMANDS]; data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:357:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (strp[nstrs], "%8w%-10.10s = %-11.11s%2w", data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:55:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char dbg[SZ_LINE]; /* for formatting msgs */ data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:81:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char e_nextpset[SZ_FNAME+1]; /* next pset to be edited */ data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newpset[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char runcmd[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[G_MAXSTRING]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:370:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "parmlist: %d %d %d ", data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:374:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (dbg, " maxpage = %d ", maxpage); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:377:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "topkeys : %d ", topkeys[i]); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:380:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "numkeys = %d ", numkeys); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:411:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[MAXPROMPT]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:443:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outbuf, "(%-7.7s) ", parmlist[keyid]->p_name); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:445:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outbuf, "%-8.8s ", parmlist[keyid]->p_name); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuf[MAXPROMPT]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempbuf[MAXPROMPT]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:575:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempbuf, "(%-7.7s=", parmlist[keyid]->p_name); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:577:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempbuf, "%-8.8s=", parmlist[keyid]->p_name); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:637:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuf[G_MAXSTRING]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:638:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colbuf[16]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:661:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (colbuf," ***"); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:668:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (colbuf, "%10g ", o.o_val.v_r); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:674:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (colbuf, "%10.10s ", valuebuf); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:707:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[SZ_LINE+1];/* error message string */ data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:721:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstring[G_MAXSTRING]; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:762:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, "Expected %d elements on this line",numonrow); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:805:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  static char message[SZ_LINE]; /* used by e_rpterror and e_clrerror */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:994:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *firstchr[MAX_COMMANDS]; /*array of character pointers */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:995:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:996:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arglist[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1142:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldword[G_MAXSTRING]; /* save the deleted word */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1143:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldline[G_MAXSTRING]; /* save the deleted line */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1144:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempstr[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1595:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE+1], *pset;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1801:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[SZ_LINE+1], *errfmt, *errarg;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1972:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dbg, "nextline=%d, nextkey=%d line=%d keys=%d",
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:2068:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[512];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:2142:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[512], *line;
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:41:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e_pset[SZ_FNAME+1]; /* pset name (task or file) */
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:99:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char escape[SZ_ESCAPE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:100:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystroke[SZ_KEYSTROKE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.h:104:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *cmdnames[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:260:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fopen();
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:353:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  currentask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:377:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nabuf[FAKEPARAMLEN];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:378:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (nabuf, "$nargs,i,h,%d\n", pfp->pf_n);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:427:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newtask->t_in = fopen ("dev$null", "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:435:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newtask->t_in = fopen (newtask->t_ltp->lt_pname, "r");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:448:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char startup_msg[SZ_STARTUPMSG+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:492:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:531:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char redir[20];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:552:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " < $");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:554:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " > $");
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:556:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (redir, " %d> $", STDERR);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:562:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (redir, " %d> $", STDGRAPH);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:566:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (redir, " %d> $", STDIMAGE);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:570:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (redir, " %d> $", STDPLOT);
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:603:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:604:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:685:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bin_path[SZ_PATHNAME+1], loc_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:686:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char root[SZ_FNAME+1], root_path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:687:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bindir[SZ_FNAME+1], *ip = NULL, *arch = NULL;
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:688:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bin_root[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:1260:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/iraf-2.16.1+2018.11.01/pkg/cl/globals.c:110:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cmdnames[MAX_COMMANDS] = {
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:41:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:153:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:159:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:164:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, " (minimum=");
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:170:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (message, ": maximum=");
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:191:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char message[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:194:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:197:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (message, " choose: ");
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:56:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char cmdblk[SZ_CMDBLK+1]; /* current command block (in history.c) */
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:191:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sb[REALWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:192:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sb, "%e", EPSILON);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:300:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:310:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (p, "%0.12s = ", pp->p_name);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:323:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[15]; /* Maximum length of an index range should
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:339:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ibuf, "%d:%d", amin, amax);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:341:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ibuf, "%d", amax);
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:441:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:479:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096], *list[MAXMENU];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:573:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pts[3];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:574:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:748:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:985:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fname[SZ_PIPEFILENAME+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_cmdblk[SZ_CMDBLK+1];/* saves raw command for history (for scripts)*/
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:48:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdblk[SZ_CMDBLK+1]; /* command block buffer */
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:54:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char histbuf[SZ_HISTBUF+1]; /* history buffer */
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:174:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_cmd[SZ_LINE+1]; /* buffer for raw command line */
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:175:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_cmd[SZ_CMDBLK+1]; /* temporary for processed cmd */
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:366:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_command_block[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:401:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  record = -atoi(ip++);
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:403:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  record = histnum - atoi(ip) + 1;
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:451:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:530:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[SZ_LINE+1], text[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:632:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdblk[SZ_CMDBLK+1], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:910:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *recptr[MAX_SHOWHIST];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:911:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdblk[SZ_CMDBLK+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:982:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (logfile(), "a"))) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1004:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((logfp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1028:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (fname, "a")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1084:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char datebuf[64];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1112:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[SZ_LOGBUF], job[5];
data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:1124:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (job, "[%d] ", bkgno);
data/iraf-2.16.1+2018.11.01/pkg/cl/lexicon.c:219:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bkgmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c:721:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yytext[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/cl/lexyy.c:723:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yysbuf[YYLMAX];
data/iraf-2.16.1+2018.11.01/pkg/cl/lists.c:57:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((pp->p_listfp = fopen (filename, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:350:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char alt_loginfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:351:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clstartup[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:352:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:471:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char global[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:483:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (global, "/etc/iraf/login.cl");
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:525:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logoutfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:531:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (logoutfile, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/pkg/cl/main.c:691:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:271:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_PROMPTBUF+1];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:300:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char source[33];
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:308:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (source, "stdgraph");
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:311:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (source, "stdimage");
data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:333:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SZ_LINE+1], keystr[10]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:343:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keystr, "%c", key); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:345:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keystr, "\\%03o", key); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:548:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:633:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char readbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:779:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (bqfile, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:805:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = fopen (qrfile, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:829:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:830:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qrtemp[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char response[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:840:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (bqfile, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:859:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (qrtemp, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:174:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:207:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stderr = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:244:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[1024+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:918:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:945:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdin = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:981:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, count > 1 ? "ab" : "wb")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char format[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:1142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:60:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outstr, "%d", op->o_val.v_i); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:64:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outstr, "%g", op->o_val.v_r); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstr[MAXPROMPT+1], *out; data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newstr[SZ_LINE], *new; data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:266:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char numstr[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:273:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numstr, "%d", o.o_val.v_i); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:277:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numstr, "%g", o.o_val.v_r); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexnum[MAX_DIGITS]; data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:370:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (hexnum, "0x"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:397:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[5]; /* used to turn bits into string */ data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:399:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[20]; /* to stuff the expanded type in */ data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:481:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "struct"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:483:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "gcur"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:485:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "imcur"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:487:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "ukey"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:489:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "pset"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:603:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char redir[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:779:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:968:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1026:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "struct"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1028:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "gcur"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1030:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (--bp, "imcur"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1032:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "ukey"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1034:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "pset"); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:1306:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (pp->p_name, "$%d", pos); data/iraf-2.16.1+2018.11.01/pkg/cl/param.h:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pf_pfilename[SZ_FNAME+1]; /* file to be updated */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usr_pfile[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pkg_pfile[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkgdir[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:301:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pkg_pfile, "r")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:471:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pfilename, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:604:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:617:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (dot ? dot : op, ".par"); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:633:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pfname, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfilename[SZ_FNAME]; /* user pfile */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:675:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkgdir[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1277:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
len = atoi (s); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1580:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(pp->p_aval.a_i + i) = atoi(s); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1625:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *val = atoi(str); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1651:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char readbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE]; /* working scratch buffer */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1843:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strings[4][25]; data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pr_name[SZ_PATHNAME+1]; /* filename of process */ data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[MAXSUBPROC][SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/cl/prcache.c:449:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[100]; data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *v[MAXARGS]; data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ch, sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:242:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curr_param[SZ_FNAME]; /* Parameter name of ref's */ data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:243:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curr_task[SZ_FNAME]; /* ltaskname of command */ data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:281:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cmdblk[SZ_CMDBLK+1]; /* Command buffer in history.c */ data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1640:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1657:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char yyformat[sizeof yyunexpected data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1825:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3351:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[2*SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:236:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp, format[MAX_DIGITS]; data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:246:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newnum = atoi(cp) + (int)VALU(&o2); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:247:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (format, "%%0%dd", strlen (cp)); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:258:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cp, "%d", (int)VALU(&o2)); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:267:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s2[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:308:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (res, "%r*", o2.o_val.v_i, lval); data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkgmsg[SZ_BKGMSG+1]; /* passed to kernel */ data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_cmd[SZ_CMD+1]; /* command entered by user */ data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char clprocess[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:179:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:180:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "Start [%d]", jobno);
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:378:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:379:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "Stop [%d]", job);
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:391:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:392:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:406:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkg_query_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_response_file[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[SZ_DEVNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfilename[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:451:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cd_curr[SZ_PATHNAME]; /* current directory */
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:452:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cd_prev[SZ_PATHNAME]; /* previous directory */
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:505:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:588:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:591:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (buf, "ERROR: ");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:637:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (errcom.script, "CL");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[SZ_VALUE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1476:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sttycmd[2048], args[1024], *argp[100];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oscmd[1024], args[1024], *argp[100], *ap;
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1666:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1727:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1732:28: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!c_mktemp ("tmp$ft", tmpfile, SZ_PATHNAME))
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1733:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1733:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). strcpy (tmpfile, "tmp$ft.out");
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1734:23: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_oscmd (oscmd, in, tmpfile, append_all ? tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1734:45: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_oscmd (oscmd, in, tmpfile, append_all ?
tmpfile : err);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1739:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1739:20: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if ((fp = fopen (tmpfile, "r")) != NULL &&
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1740:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (outfp = fopen (out, "a")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1749:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_delete (tmpfile);
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1957:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2018:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char oscmd[SZ_LINE], os_filelist[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2019:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2062:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2250:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char handler[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clprintf.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[SZ_PATHNAME], errfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:53:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (outfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:61:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen (errfile, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c:374:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). while ((fp[fn] = fopen (fname, "r")) != NULL) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_COMMAND], obuf[SZ_COMMAND];
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:805:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[PF_MAXLIN+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ed_editorcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char editor[SZ_FNAME]; /* the name of the editor */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[SZ_LINE];/* an edcap string from the .ed file */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[SZ_LINE]; /* the key-sequence label (keyword) */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escape[SZ_LINE];/* the escape sequence in c octal */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_LINE]; /* the keystroke name, for HELP */
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:124:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:128:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_string[9];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:337:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[MAX_COMMANDS*COLWIDTH];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *strp[MAX_COMMANDS];
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:356:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strp[nstrs], "%8w%-10.10s = %-11.11s%2w",
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:55:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dbg[SZ_LINE]; /* for formatting msgs */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:81:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char e_nextpset[SZ_FNAME+1]; /* next pset to be edited */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:101:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char epar_cmdbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newpset[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char runcmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:382:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "parmlist: %d %d %d ",
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:386:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, " maxpage = %d ", maxpage);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:389:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "topkeys : %d ", topkeys[i]);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:392:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "numkeys = %d ", numkeys);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:455:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (outbuf, "(%-7.7s) ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:457:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outbuf, "%-8.8s ", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:502:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:565:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:566:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempbuf[MAXPROMPT];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:587:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempbuf, "(%-7.7s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:589:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempbuf, "%-8.8s=", parmlist[keyid]->p_name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:649:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuf[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:650:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colbuf[16];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:673:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (colbuf," ***");
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:680:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (colbuf, "%10g ", o.o_val.v_r);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:686:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (colbuf, "%10.10s ", valuebuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:719:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char message[SZ_LINE+1];/* error message string */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:733:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstring[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:774:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, "Expected %d elements on this line",numonrow);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:817:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char message[SZ_LINE]; /* used by e_rpterror and e_clrerror */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1006:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *firstchr[MAX_COMMANDS]; /*array of character pointers */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1007:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char string[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1008:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arglist[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldword[G_MAXSTRING]; /* save the deleted word */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldline[G_MAXSTRING]; /* save the deleted line */
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[G_MAXSTRING];
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1607:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[SZ_LINE+1], *pset; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[SZ_LINE+1], *errfmt, *errarg; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1984:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dbg, "nextline=%d, nextkey=%d line=%d keys=%d", data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:2080:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[512]; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:2154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[512], *line; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e_pset[SZ_FNAME+1]; /* pset name (task or file) */ data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escape[SZ_ESCAPE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keystroke[SZ_KEYSTROKE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.h:104:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *cmdnames[MAX_COMMANDS]; data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.c:352:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[SZ_LINE+1]; /* error message string */ data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char task[SZ_FNAME+1]; /* task posting the error */ data/iraf-2.16.1+2018.11.01/pkg/ecl/errs.h:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char script[SZ_FNAME+1]; /* script calling task */ data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:301:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fopen(); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:397:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). currentask->t_in = fopen ("dev$null", "r"); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:421:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nabuf[FAKEPARAMLEN]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:422:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (nabuf, "$nargs,i,h,%d\n", pfp->pf_n); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:471:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). newtask->t_in = fopen ("dev$null", "r"); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:480:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). newtask->t_in = fopen (newtask->t_ltp->lt_pname, "r"); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:493:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startup_msg[SZ_STARTUPMSG+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:537:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logmsg[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char redir[20]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:597:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (cmd, " < $"); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:599:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (cmd, " > $"); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:601:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (redir, " %d> $", STDERR); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:607:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (redir, " %d> $", STDGRAPH); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:611:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (redir, " %d> $", STDIMAGE); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:615:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (redir, " %d> $", STDPLOT); data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:648:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:649:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char val[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:730:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bin_path[SZ_PATHNAME+1], loc_path[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:731:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char root[SZ_FNAME+1], root_path[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bindir[SZ_FNAME+1], *ip = NULL, *arch = NULL; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bin_root[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1335:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "r"); /* open the script */ data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/iraf-2.16.1+2018.11.01/pkg/ecl/globals.c:108:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cmdnames[MAX_COMMANDS] = { data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:148:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char message[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:154:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:159:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, " (minimum="); data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:165:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (message, ": maximum="); data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char message[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:187:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:190:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, " choose: "); data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char cmdblk[SZ_CMDBLK+1]; /* current command block (in history.c) */ data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:171:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. #define retconst(val) { sprintf (sb, "%g", val); \ data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:233:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sb[REALWIDTH]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:274:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sb, "%e", EPSILON); data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:392:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:402:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (p, "%0.12s = ", pp->p_name); data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:415:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ibuf[15]; /* Maximum length of an index range should data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:431:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ibuf, "%d:%d", amin, amax); data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:433:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ibuf, "%d", amax); data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096], *list[MAXMENU]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:648:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pts[3]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:649:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buffer[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:793:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:1137:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fname[SZ_PIPEFILENAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:47:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_cmdblk[SZ_CMDBLK+1];/* saves raw command for history (for scripts)*/ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:48:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdblk[SZ_CMDBLK+1]; /* command block buffer */ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:49:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prompt[SZ_CMDBLK+1]; /* command prompt */ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histbuf[SZ_HISTBUF+1]; /* history buffer */ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_cmd[SZ_LINE+1]; /* buffer for raw command line */ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_cmd[SZ_CMDBLK+1]; /* temporary for processed cmd */ data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:372:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_CMDBLK]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:410:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char last_command_block[SZ_CMDBLK+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:445:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). record = -atoi(ip++); data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:447:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). record = histnum - atoi(ip) + 1; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:492:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[SZ_LINE+1], text[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:670:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cmdblk[SZ_CMDBLK+1], *argp[100]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:939:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *recptr[MAX_SHOWHIST]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:940:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdblk[SZ_CMDBLK+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1014:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (prompt, "ecl> "); data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1044:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (logfile(), "a"))) { data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1066:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((logfp = fopen (fname, "a")) == NULL) { data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1090:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, "a")) == NULL) { data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1146:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char datebuf[64]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[SZ_LOGBUF], job[5]; data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:1186:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (job, "[%d] ", bkgno); data/iraf-2.16.1+2018.11.01/pkg/ecl/lexicon.c:216:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bkgmsg[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c:721:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yytext[YYLMAX]; data/iraf-2.16.1+2018.11.01/pkg/ecl/lexyy.c:723:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yysbuf[YYLMAX]; data/iraf-2.16.1+2018.11.01/pkg/ecl/lists.c:55:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((pp->p_listfp = fopen (filename, "r")) == NULL) { data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:244:6: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (tmpfile) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:245:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_delete (tmpfile); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:375:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alt_loginfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:376:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char init_envfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clstartup[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clprocess[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:379:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[FAKEPARAMLEN]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arglist[SZ_LINE], *ap; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:511:17: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). o.o_val.v_s = tmpfile; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:525:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char global[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:537:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (global, "/etc/iraf/login.cl"); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:594:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *tmpfile, buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:594:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). static char *tmpfile, buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:597:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buf, "/tmp/envcl"); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:599:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (c_access (tmpfile, 0, 0) == YES) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:600:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). c_delete (tmpfile); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:601:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((out = fopen (tmpfile, "wt")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:601:20: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if ((out = fopen (tmpfile, "wt")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:602:59: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). printf ("Warning: tmp output file '%s' not found\n", tmpfile); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:606:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd1 = fopen (in1, "rt")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:614:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd2 = fopen (in2, "rt")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:622:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). return (tmpfile); data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:635:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char logoutfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:641:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (logoutfile, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:801:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_PROMPTBUF+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[33]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:304:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (source, "stdgraph"); data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:307:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (source, "stdimage"); data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:329:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SZ_LINE+1], keystr[10]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:339:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keystr, "%c", key); data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:341:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keystr, "\\%03o", key); data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:540:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:622:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char readbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:764:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (bqfile, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:790:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = fopen (qrfile, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:814:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bqfile[SZ_PATHNAME], qrfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:815:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qrtemp[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:816:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char response[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:825:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (bqfile, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:844:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (qrtemp, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:171:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:204:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stderr = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:241:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[1024+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:881:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdout = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:908:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((newtask->t_stdin = fopen (fname, mode)) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:942:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (fname, count > 1 ? "ab" : "wb")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1055:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char format[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1099:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:1100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.h:121:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define op2str(op) ((char *)(opstrings[op-1] ? opstrings[op-1] : "")) data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:57:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outstr, "%d", op->o_val.v_i); data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:61:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outstr, "%g", op->o_val.v_r); data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char outstr[MAXPROMPT+1], *out; data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newstr[SZ_LINE], *new; data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:251:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numstr[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:258:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numstr, "%d", o.o_val.v_i); data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:262:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numstr, "%g", o.o_val.v_r); data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:301:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexnum[MAX_DIGITS]; data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:352:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (hexnum, "0x"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:384:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[5]; /* used to turn bits into string */ data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:386:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; /* to stuff the expanded type in */ data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:468:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "struct"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:470:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "gcur"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:472:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "imcur"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:474:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (--bp, "ukey"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:476:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "pset"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:591:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char redir[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:769:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:790:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:952:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1010:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (--bp, "struct"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1012:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "gcur"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1014:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "imcur"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1016:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "ukey"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1018:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (--bp, "pset"); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:1284:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (pp->p_name, "$%d", pos); data/iraf-2.16.1+2018.11.01/pkg/ecl/param.h:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pf_pfilename[SZ_FNAME+1]; /* file to be updated */ data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usr_pfile[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkg_pfile[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkgdir[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:299:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pkg_pfile, "r")) != NULL) { data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:469:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pfilename, "r")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:615:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (dot ? dot : op, ".par"); data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:631:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (pfname, "w")) == NULL) data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:670:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfilename[SZ_FNAME]; /* user pfile */ data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:671:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkgdir[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:760:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1262:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). len = atoi (s); data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1565:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(pp->p_aval.a_i + i) = atoi(s); data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1607:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*val = atoi(str); data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1630:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char readbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; /* working scratch buffer */ data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1822:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strings[4][25]; data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pr_name[SZ_PATHNAME+1]; /* filename of process */ data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:304:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[MAXSUBPROC][SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:443:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/pkg/ecl/prcache.c:444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[100]; data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *v[MAXARGS]; data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/task.h:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *errmsg[SZ_LINE];/* error message */ data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch, sbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:250:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curr_param[SZ_FNAME]; /* Parameter name of ref's */ data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:251:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curr_task[SZ_FNAME]; /* ltaskname of command */ data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:292:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cmdblk[SZ_CMDBLK+1]; /* Command buffer in history.c */ data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1676:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1693:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yyformat[sizeof yyunexpected data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1861:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3392:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/pkg/images/immatch/src/imcombine/src/icmask.h:11:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
define ICM_OPEN 0 # Keep masks open data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:13:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define IDS_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:35:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define IDS_DEVNAME Memi[$1+26] # name of open device data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/helpdir.h:16:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define HD_NEXTCH Memi[$1+1] # index of next char in sbuf data/iraf-2.16.1+2018.11.01/pkg/system/help/helpdir.h:16:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define HD_NEXTCH Memi[$1+1] # index of next char in sbuf data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:9:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char c_filename[FLEN_FILENAME+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:10:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_keyword[FLEN_KEYWORD+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:11:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_card[FLEN_CARD+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_value[FLEN_VALUE+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c_comment[FLEN_COMMENT+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbfxff.c:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char c_message[FLEN_ERRMSG+1]; data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h:11:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define ER_TBTOOLATE 31 # too late, table is already open data/iraf-2.16.1+2018.11.01/pkg/tbtables/tblerr.h:12:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define ER_TBNOTOPEN 32 # table must be open for this option data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/stxtools/od/od.h:16:51: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define OD_GRP Memi[$1+5] # Current open group. data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h:10:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define ER_TBTOOLATE 31 # too late, table is already open data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tblerr.h:11:41: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
define ER_TBNOTOPEN 32 # table must be open for this option data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/threed/tbtables.h:54:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define TB_IS_OPEN Memb[$1+12] # Table is open? data/iraf-2.16.1+2018.11.01/sys/etc/environ.h:26:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define E_SETP (($1+4-1)*SZ_SHORT+1) # char pointer to name field data/iraf-2.16.1+2018.11.01/sys/fmio/fmio.h:12:51: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define DEF_FCACHESIZE 8 # default open files in file cache data/iraf-2.16.1+2018.11.01/sys/fmio/fmset.h:5:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define FM_FCACHESIZE 2 #RW number of files in open file cache data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h:31:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
define CCP_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/sys/gio/calcomp/ccp.h:52:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define CCP_DEVNAME Memi[$1+26] # name of open device data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h:11:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define RC_PHYSOPEN Memi[$1+2] # physical open by rcursor data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h:13:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # (open) data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h:40:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define TR_WSOPEN Memi[$1+19] # workstation open count data/iraf-2.16.1+2018.11.01/sys/gio/cursor/gtr.h:45:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
# (open) data/iraf-2.16.1+2018.11.01/sys/gio/gks/gks.h:3:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define NDEV 10 # Maximum number of open devices possible data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:36:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define AX_TICKLABELSIZE Memr[P2R($1+33)] # char size of ticklabel data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:37:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define AX_TICKLABELCOLOR Memi[$1+34] # char size of ticklabel data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:39:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define AX_AXISLABELSIZE Memr[P2R($1+36)] # char size axislabel data/iraf-2.16.1+2018.11.01/sys/gio/glabax/glabax.h:40:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
define AX_AXISLABELCOLOR Memi[$1+37] # char size axislabel data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h:14:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define IMD_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/sys/gio/imdkern/imd.h:37:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define IMD_DEVNAME Memi[$1+26] # name of open device data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h:15:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define GKT_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/sys/gio/nsppkern/gkt.h:36:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define GKT_DEVNAME Memi[$1+26] # name of open device data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h:14:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
define SGI_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/sys/gio/sgikern/sgi.h:37:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define SGI_DEVNAME Memi[$1+26] # name of open device data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h:26:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define SG_NEXTCH Memi[$1+2] # next char pos in string buf data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h:52:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define SG_DEVNAME Memi[$1+28] # name of open device data/iraf-2.16.1+2018.11.01/sys/gty/gty.h:11:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # The caplist is indexed at open time to permit a binary search for data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h:24:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
define IKI_OPEN k_table[1,$1] # open/create image data/iraf-2.16.1+2018.11.01/sys/imio/iki/iki.h:26:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define IKI_OPIX k_table[3,$1] # open/create pixel file data/iraf-2.16.1+2018.11.01/sys/libc/atoi.c:14:1: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi (char *str) data/iraf-2.16.1+2018.11.01/sys/libc/atol.c:14:1: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atol (char *str) data/iraf-2.16.1+2018.11.01/sys/libc/fopen.c:16:1: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen ( data/iraf-2.16.1+2018.11.01/sys/libc/freadline.c:21:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[SZ_LINE]; data/iraf-2.16.1+2018.11.01/sys/libc/mktemp.c:17:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char unique[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/sys/libc/perror.c:13:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sys_errlist[1]; /* UNIX standard */ data/iraf-2.16.1+2018.11.01/sys/libc/perror.c:15:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char u_oserrmsg[SZ_OSERRMSG+1]; data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f_ucc[SZ_UCC+1]; data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[SZ_NUMBUF+1]; data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[128]; data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:23:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "\tabcdef %0*d[%-5.2s], %h\n", 5, 99, "wxyz", 12.5); data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:34:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = fopen ("junk", "r")) == NULL) data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:36:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen ("junk2", "wb")) == NULL) data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SZ_LINE]; data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char token[SZ_LINE+1], delim; data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:97:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (token, "r"); data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_message[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_format[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_format[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_format[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_strarg[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:117:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (FNAME, "a")) == NULL) data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char p_format[1024]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_action[2]; data/iraf-2.16.1+2018.11.01/sys/memdbg/memlog.c:153:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (FNAME, "a")) == NULL) data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:32:52: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define MT_FILNO mtdev[7,$1+1] # old file number at open data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:33:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define MT_RECNO mtdev[8,$1+1] # old record number at open data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:23:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define SV_MWSVOFF Memi[$1+3] # char offset of saved MWSV data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:25:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define SV_DBUFOFF Memi[$1+5] # char offset of saved DBUF data/iraf-2.16.1+2018.11.01/sys/mwcs/mwsv.h:27:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define SV_SBUFOFF Memi[$1+7] # char offset of saved SBUF data/iraf-2.16.1+2018.11.01/sys/osb/bswap4.c:21:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[4]; data/iraf-2.16.1+2018.11.01/sys/osb/bswap8.c:21:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[8]; data/iraf-2.16.1+2018.11.01/sys/osb/chrpak.c:23:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. op = &((unsigned char *)b)[*b_off-1]; data/iraf-2.16.1+2018.11.01/sys/osb/chrupk.c:25:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
ip = &((unsigned char *)a)[*a_off-1+n]; data/iraf-2.16.1+2018.11.01/sys/osb/strsum.c:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkstr[*maxch]; data/iraf-2.16.1+2018.11.01/sys/osb/strsum.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkstr[*maxch]; data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:5:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # PLNAME or the open mask descriptor PM. An image pixel is said to be visible data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:78:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. define PS_CFONT_CH Memi[$1+40] # current font code char data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:79:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
define PS_PFONT_CH Memi[$1+41] # special font code char
data/iraf-2.16.1+2018.11.01/sys/psio/psio.h:80:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
define PS_SFONT_CH Memi[$1+42] # special font code char
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h:16:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
# Magic values used to represent open ranges :N and N:.
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpio.h:53:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define IO_FD Memi[$1+19] # file descriptor of open lfile
data/iraf-2.16.1+2018.11.01/sys/qpoe/qpio.h:55:46: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define IO_CHAN Memi[$1+21] # i/o channel of open lfile
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:25:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
# The caplist is indexed at open time to permit a binary search for
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:44:52: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define T_NLINES Memi[$1+9] # nlines on terminal at open
data/iraf-2.16.1+2018.11.01/sys/tty/tty.h:45:52: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
define T_NCOLS Memi[$1+10] # ncols on terminal at open
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char vfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pkglibs[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char newlibs[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:55:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (vfn, "$lib/");
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char osfn[SZ_PATHNAME+1], *hlib;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char irafarch[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pkname[SZ_FNAME+1], old_value[SZ_VALUE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:166:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen (osfn, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:217:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen (vfn2osfn(fname,0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfcopy.c:70:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((in = open (vfn2osfn(oldfile,0), O_RDONLY)) == ERR)
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfn2vfn.c:15:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char vfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:17:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char irafdir[SZ_PATHNAME+1] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:18:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char hostdir[SZ_PATHNAME+1] = "";
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:19:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char valstr[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osopen.c:24:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
return (open (vfn2osfn (vfn, 0), O_RDONLY));
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[SZ_VALUE], *env;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[SZ_VALUE], *env;
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:94:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char outfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/vfn2osfn.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME+1], *ldir;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char f_types[20]; /* "csilrdx" */
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char xtype_string[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *files[MAXFILES], *s, **p, *ip;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_FNAME], *extension;
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char genfname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char template[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input_file[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:135:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
yyin = fopen (input_file, "r");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:166:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (template, "$t");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:181:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (template, "$t");
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:204:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen (fname, "w")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:237:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char types[20];
data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:571:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char expr_buf[80], *expr;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[SZ_FNAME+1], *val;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lbuf[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:91:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen (&name[1], "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:210:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char ps[2] = "\0";
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fdcache.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_NAME+1]; /* file name */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lname[SZ_LNAME+1]; /* logical name */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_FNAME+1]; /* file name */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:112:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cmd[SZ_CMD+1], *args;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:110:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:112:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cmd[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char backup[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:348:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:385:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char backup[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char old[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[SZ_COPYBUF], *ip;
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:528:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((in = open(old,O_RDONLY)) == ERR || fstat(in,&fi) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char old_osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_osfn[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:748:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char objfile[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:757:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (op, ".o");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:809:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char pathname[SZ_LIBPATH];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:810:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char relpath[SZ_LIBPATH];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sbuf[SZ_SBUF]; /* string buffer */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:45:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *pkgenv[MAX_PKGENV]; /* package environments */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:46:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char v_pkgenv[SZ_PKGENV+1]; /* buffer for pkgenv names */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:47:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char irafdir[SZ_PATHNAME+1]; /* iraf root directory */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char flags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *symargs[MAX_ARGS], *modules[MAX_ARGS];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:238:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:250:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_xflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:258:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_xvflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:266:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_lflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:281:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errmsg[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *pbstk[SZ_PBSTK]; /* save pushed ips */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pbbuf[SZ_PBBUF+1]; /* push back buffer */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *flist[MAX_FILES]; /* file list */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *rflist[MAX_FILES]; /* remote file list */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char curdir[SZ_PATHNAME+1]; /* cwd for printed output */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dirpath[SZ_PATHNAME+1]; /* os path of cwd */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char library[SZ_PATHNAME+1]; /* library being updated */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char libpath[SZ_PATHNAME+1]; /* pathname of library */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/mkpkg.h:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mkpkgfile[SZ_FNAME+1]; /* mkpkg file being scanned */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:41:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dflist[MAX_DEPFILES+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char srcname[SZ_PATHNAME+1], modname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char module[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:278:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:311:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:325:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:647:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:774:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cx->fp = fopen (vfn2osfn(fname,0), "r");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:833:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word1[SZ_FNAME+1], word2[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:870:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char module[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:871:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subdir[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:35:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mlb_sbuf[SZ_SBUF]; /* string buffer */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char libfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modname[SZ_KEY+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:87:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (libfname, "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[17], date[13];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:194:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char p[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:196:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(&arf.ar_name[3]);
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *sf_dirs[MAX_SFDIRS]; /* source directories */
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sfname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mkobj[SZ_CMD+SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/sflist.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_PREDBUF], *argv[MAX_ARGS];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char module[SZ_FNAME+1], subdir[SZ_FNAME+1], fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:591:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char symbol[SZ_FNAME+1], value[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modspec[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:654:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char match[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:737:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xflags[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:738:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dflist[MAX_DEPFILES+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:780:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (xflags, "-d ");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:782:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (xflags, "-x ");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:827:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:829:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip, token[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:859:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkline[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:860:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdbuf[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:900:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " -d");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:902:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cmd, " -x");
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:943:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[SZ_CMD+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:975:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char symbol[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:976:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[SZ_PBBUF+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1003:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1004:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1027:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1028:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1052:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1086:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1087:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1237:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char args[SZ_PBBUF+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tokbuf[SZ_COMMAND+1];
data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:1450:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lstr[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:16:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *only[MAXEXTN]; /* delete files with these extensions */
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:17:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *excl[MAXEXTN]; /* exclude these files */
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmbin/rmbin.c:251:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prog[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[SZ_PATHNAME+1], path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *extnlist[MAXEXTN], *ip, *op;
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:150:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (vfn2osfn(prog,0), "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newpath[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rmfiles/rmfiles.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[TBLOCK];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[NAMSIZ]; /* NULL delimited */
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mode[8]; /* octal, ascii */
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:88:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gid[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char size[12];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtime[12];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chksum[8];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkname[NAMSIZ];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:134:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tapeblock[SZ_TAPEBUFFER];
data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:786:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char padbuf[SZ_PADBUF+10]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cname[FILENAMESIZE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:19:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(cname, "a"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:21:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(cname, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/open.c:23:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(cname, "r"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:135:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ccomp[SZ_FNAME] = CCOMP; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:136:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f77comp[SZ_FNAME] = F77COMP; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:137:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linker[SZ_FNAME] = LINKER; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:138:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f2cpath[SZ_FNAME] = "/usr/bin/f2c"; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:139:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char g77path[SZ_FNAME] = "/usr/bin/g77"; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:141:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[SZ_FNAME] = ""; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:142:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempfile[SZ_FNAME] = ""; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:143:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lflags[MAXFLAG+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:144:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lfiles[MAXFILE+1]; /* all files */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:145:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hlibs[MAXFILE+1]; /* host libraries */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:146:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lxfiles[MAXFILE+1]; /* .x files */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:147:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *lffiles[MAXFILE+1]; /* .f files */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:148:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[SZ_BUFFER+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:149:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char libbuf[SZ_LIBBUF+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:154:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v_pkgenv[SZ_PKGENV+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:161:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char floatoption[32] = ""; /* f77 arch flag, if any */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *arglist[MAXFILE+MAXFLAG+10]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:224:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (f77comp, "f77"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:277:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, u_pkgenv[SZ_PKGENV+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:539:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (outfile, ".e"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:585:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ip, *op, *vp, fname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:788:6: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). mkstemp (tempfile); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:879:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char command[1024]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:899:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shlib[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:900:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char edsym[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:901:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[SZ_CMDBUF]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:913:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (command, " -T"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:915:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (command, " -t"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:934:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fp, *fs, lflag[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1011:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savename[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1012:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char libname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1013:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1014:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1107:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xpp_path[SZ_PATHNAME+1], rpp_path[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[SZ_CMDBUF], fname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1133:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (cmdbuf, " -h "); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[256]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1388:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[SZ_CMDBUF]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1419:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirpath[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1444:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char envpath[8192]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sbuf[SZ_SBUF+1]; /* string buffer */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char procname[SZ_FNAME+1]; /* procedure name */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tokstr[SZ_TOKEN+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:120:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[200]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tokstr[SZ_TOKEN+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[200]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:977:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yytext[YYLMAX]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:1017:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char fname[MAX_INCLUDE][SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2731:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((yyin = fopen (vfn2osfn (fname[istkptr],0), "r")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hfile[SZ_FNAME+1], *op; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2843:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2860:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((yyin = fopen (vfn2osfn(fname[istkptr],0), "r")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:93:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fname[MAX_INCLUDE][SZ_PATHNAME];/* file names */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:96:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[SZ_OBUF]; /* buffer for body of procedure */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:97:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[SZ_DBUF]; /* buffer for misc proc. decls. */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:98:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[SZ_SBUF]; /* string buffer */ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:391:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char st_buf[SZ_STBUF]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:505:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:560:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *emsg[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:623:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[20]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:626:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (msg, "#!# %d\n", linenum[istkptr] - 1); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:840:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char task_name[SZ_FNAME], proc_name[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1002:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1028:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "data\t(dp(iyy),iyy=%2d,%2d)\t/", data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1035:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%2d/\n", XEOS); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1037:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%4d/\n", offset==EOS ? XEOS: offset); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1039:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%4d,", offset==EOS ? XEOS: offset); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1065:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1073:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (lbuf, "\tif (streq (task, dict(dp(%d)))) {\n", i+1); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1077:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (lbuf, "\t return (OK)\n"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1079:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (lbuf, "\t}\n"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1024]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1451:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1483:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char strbuf[SZ_LINE], outbuf[SZ_LINE]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1520:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (&id[2], "%04d", str_idnum++); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char decimal_constant[SZ_NUMBUF], *p; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1737:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (decimal_constant, "%ld", value); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cvalue[SZ_NUMBUF], *ip; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1781:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cvalue, "%d.%ldD0", bvalue, value); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1783:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (cvalue, "%d.%ld", bvalue, value); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char irafdefs[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v_pkgenv[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:118:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (fname[0], "STDIN"); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:129:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((source = fopen (vfn2osfn(argv[i],0), "r")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:139:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((yyout = fopen (osfn, "w")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:152:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp_defs = fopen (irafdefs, "r")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppmain.c:206:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rfname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[TBLOCK]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMSIZ]; /* NULL delimited */ data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mode[8]; /* octal, ascii */ data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[8]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid[8]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[12]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime[12]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chksum[8]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkname[NAMSIZ]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMSIZ]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkname[NAMSIZ]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:107:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tapeblock[SZ_TAPEBUFFER]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:143:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *def_flist[2] = { ".", NULL }; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char newpath[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldpath[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chksum[10]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:547:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TBLOCK*2]; data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:707:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char path[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:256:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). finput = fopen (parser, "r"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:289:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fdebug = fopen (DEBUGNAME, "r")) == NULL) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:307:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fudecl = fopen (UDFILE, "r"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:321:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ftable = fopen (TABFILE, "r"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:335:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). faction = fopen (ACTNAME, "r"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:431:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
(void) sprintf (q, "%d)", -i); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:102:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cnamesblk0[CNAMSZ]; data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:114:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *typeset[NTYPES]; /* pointers to type tags */ data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char actname[8]; data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[F_NAME_LENGTH + 1]; data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:198:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(parser, "lib/yaccpar.x"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:250:15: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. parser = strcat (cp, "/yaccpar"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:283:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat (fname, ".output"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:284:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). foutput = fopen (fname, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:295:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat (fname, ".tab.h"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:296:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdefine = fopen (fname, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:301:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fdebug = fopen (DEBUGNAME, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:319:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fsppout = fopen (OFILE, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:322:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ftable = fopen (TABFILE, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:325:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fudecl = fopen (UDFILE, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:330:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ftemp = fopen (TEMPNAME, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:331:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
faction = fopen (ACTNAME, "w"); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:340:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((finput = fopen (infile = argv[optind], "r")) == NULL) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:696:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf (actname, "$$%d", nprod); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_name[NAMESIZE + 1]; data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y4.c:78:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((finput = fopen (TEMPNAME, "r")) == NULL) data/iraf-2.16.1+2018.11.01/unix/f2c/getopt.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char opts[256]; /* assume 8-bit bytes */ data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/arithchk.c:192:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("arith.h", "w"); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/ctype.h:9:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char My_ctype[264] = { data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:18:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). extern FILE *tmpfile(); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[10]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:45:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nbuf,"fort.%ld",(long)a->aunit); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[BUFSIZ]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/endfile.c:111:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). || !(tf = tmpfile())) { data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fio.h:18:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define FOPEN fopen data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/fmtlib.c:22:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAXINTLENGTH+1]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *ep, *fp; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/inquire.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:54:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char f__ltab[128+1] = { /* offset one for EOF */ data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[FMAX+EXPMAXDIGS+4]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:162:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). f__lcount = atoi(s); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:220:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sp+1, "e%ld", exp); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:344:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nmLbuf[256], *nmL_next; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LEFBL]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ba, *bb, bufa[LEFBL], bufb[LEFBL]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:33:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Const char *f__r_mode[2] = {"r", "r"}; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:34:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Const char *f__w_mode[4] = {"w", "w", "r+w", "r+w"}; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:36:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Const char *f__r_mode[2] = {"rb", "r"}; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:37:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Const char *f__w_mode[4] = {"wb", "w", "r+b", "r+"}; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:40:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char f__buf0[400], *f__buf = f__buf0; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *s; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:192:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "fort.%ld", (long)a->ounit); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:215:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(buf,"tmp.FXXXXXX"); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:219:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!(b->ufd = tmpfile())) data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char nbuf[10]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:287:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
(void) sprintf(nbuf,"fort.%ld",(long)n); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:7:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open _open data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:17:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extern int creat(const char*,int), open(const char*,int); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:33:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex[256]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[FMAX+EXPMAXDIGS+4]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rdfmt.c:382:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sp+1, "e%ld", exp); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsne.c:150:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Alpha[256], Alphanum[256]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsne.c:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_cat.c:79:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lp0, lp1, L); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c:70:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen("con", "r"); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/system_.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff0[256], *buff; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMAX+EXPMAXDIGS+4], *s, *se; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:90:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buf,"%#.*E", d, dd); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:114:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(se, "%+.2d", atoi(se) + 1 - f__scale); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:114:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf(se, "%+.2d", atoi(se) + 1 - f__scale); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:117:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(se, "%+.2d", atoi(se) + 1 - f__scale); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:117:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf(se, "%+.2d", atoi(se) + 1 - f__scale); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:119:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(se, "+00"); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *b, buf[MAXINTDIGS+MAXFRACDIGS+4], *s; data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:243:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b = buf, "%#.*f", d, x); data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:246:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. n = sprintf(b = buf, "%#.*f", d, x) + d1; data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[24]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:49:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char etype[Table_size], *db; data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:144:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(z0, "-0."); data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:148:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(ebuf, "%ld", ex + nd - 1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:119:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "bad impldoblock #%lx",
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:388:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char varname[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/data.c:394:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s = buf, "Q.%ld", memno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:506:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *cds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:549:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident[IDENT_LEN + 1]; /* C string form of identifier */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/defs.h:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[100], buf2[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[100];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/error.c:316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[250];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:348:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:851:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(q->user.ident, "fmt_%ld", labelval->stateno);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char dflttype[26];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[100], *s0 = s;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:159:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *kind[3] = { "Binary", "Hex", "Octal" };
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wbuf[160], *who;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:2963:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)lv, (char *)rv, sizeof(union Constant));
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:3126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)powp, (char *)&ap->Const, sizeof(ap->Const));
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:3579:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *powint[ ] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char this_proc_name[52]; /* Name of the current procedure. This is
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:81:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[P1_FILENAME_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:101:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infile = fopen (p1_file, binread)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:153:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (debugflag && (pass1_file = fopen (p1_bakfile, binwrite)))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:154:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (infile = fopen (p1_file, binread)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:164:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((pass1_file = fopen (p1_file, binwrite)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char storage[COMMENT_BUFFER_SIZE + 1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[P1_STMTBUFSIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:868:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:944:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char storage[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:1379:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:1984:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXNAMELEN+30]; /*30 should be overkill*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2162:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1000];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2167:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\t/* was "); /* would like to say k = sprintf(...), but */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2181:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf+k, "[%ld]", j);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2192:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf+k, " */");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1324];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:59:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sortfp = fopen(sortfname, textread)) == NULL)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[VNAME_MAX], ovarname[VNAME_MAX];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:112:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (memno2info(atoi(varname+2), &np)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:292:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). memno = atoi(varname + 2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:428:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[MAX_INIT_LINE + 1], *pointer;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:475:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newval = (char *)atol(pointer);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:846:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8], *comma;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:939:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[24];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:942:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "[%ld]", L);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imag_buf[50], real_buf[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:692:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char x[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:697:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(x, "<%d>", yyc);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:704:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char x[10];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:709:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(x, "<%d>\n", yys);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1041:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = (yypt[-0].yyv.namval ? mkchain((char *)yypt[-0].yyv.namval,CHNULL) : CHNULL ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1044:71: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
{ if(yypt[-0].yyv.namval) yypt[-2].yyv.chval = yyval.chval = mkchain((char *)yypt[-0].yyv.namval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1327:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1435:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.namval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1438:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = hookup(yypt[-2].yyv.chval, mkchain((char *)yypt[-0].yyv.namval, CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1469:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1472:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1563:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-3].yyv.expval, mkchain((char *)yypt[-1].yyv.expval,CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1563:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-3].yyv.expval, mkchain((char *)yypt[-1].yyv.expval,CHNULL)); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1668:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-2].yyv.namval, yypt[-0].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1738:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = yypt[-0].yyv.expval ?
mkchain((char *)yypt[-0].yyv.expval,CHNULL) : CHNULL; } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1741:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = yypt[-0].yyv.expval ? mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval) : yypt[-2].yyv.chval; } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1753:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1756:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = hookup(yypt[-2].yyv.chval, mkchain((char *)yypt[-0].yyv.expval,CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1903:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1906:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1915:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1918:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, CHNULL); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1921:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1921:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1924:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1924:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1927:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1927:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
{ yyval.chval = mkchain((char *)yypt[-0].yyv.expval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1930:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1930:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, mkchain((char *)yypt[-2].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1933:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.expval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1936:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.chval = mkchain((char *)yypt[-0].yyv.tagval, yypt[-2].yyv.chval); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1945:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.tagval = (tagptr) mkiodo(yypt[-1].yyv.chval, mkchain((char *)yypt[-3].yyv.expval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/gram.c:1948:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { yyval.tagval = (tagptr) mkiodo(yypt[-1].yyv.chval, mkchain((char *)yypt[-3].yyv.tagval, CHNULL) ); } break;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char main_alias[52]; /* PROGRAM name, if any is given */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:146:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *casttypes[TYSUBR+1] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:155:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *usedcasts[TYSUBR+1];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:233:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av_pfix[TYVOID] = {"??TYUNKNOWN??", "a","i1","s","i", data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:291:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dflttype[26]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:292:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hextoi_tab[Table_size], Letters[Table_size]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:500:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/init.c:506:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "characters out of order in implicit:%c-%c", c1, c2); data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char intrfname[8]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spxname[8]; /* Name of the function in Fortran */ data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:410:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *callbyvalue[ ] = data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:480:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(S->spxname, "h_dnnt"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:488:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(S->spxname, "i_dnnt"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/intr.c:623:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *bitop[3] = { bit_bits, bit_shift, bit_cshift }; data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:54:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL char ioroutine[12]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1343:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p1->user.ident, "fmt_%ld", data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[24], buf1[24]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1416:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d.", comm->curno); data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1420:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf1, "+%ld", ci); data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1430:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%ld", ci); data/iraf-2.16.1+2018.11.01/unix/f2c/src/iob.h:5:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *fields[1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/iob.h:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defname[1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:88:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL char comstart[Table_size]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:89:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define USC (unsigned char *) data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:91:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char anum_buf[Table_size]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[COMMENT_BUF_STORE]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:107:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fbuf[P1_FILENAME_MAX]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:257:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. LOCAL char *stbuf[3]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:341:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, textread); data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:364:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, textread); data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:382:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fp = fopen(name, textread)) { data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:675:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[COMMENT_BUFFER_SIZE + 1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:722:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char a[6]; /* Statement label buffer */ data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf72[24]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:730:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char storage[COMMENT_BUFFER_SIZE + 1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:928:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf72+20, "..."); data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1552:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[2*MAXNAMELEN+50]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1554:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buff, data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1586:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). radix = atoi (nextch); data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:98:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char used_rets[TYSUBR+1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:240:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *hset[3] = { 0, "integer", "doublereal" }; data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:359:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char st[4] = { TYREAL, TYCOMPLEX, TYDCOMPLEX, TYCHAR }; data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:360:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char stl[4] = { 'E', 'C', 'Z', 'H' }; data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:551:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char stderrbuf[BUFSIZ]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:623:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!(c_output = fopen(coutput, textwrite))) { data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:630:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && !(protofile = fopen(proto_fname, textwrite))) data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:700:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((c_file = fopen (c_functions, textread)) == (FILE *) NULL) data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:743:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( fp = fopen(fn, mode) ) data/iraf-2.16.1+2018.11.01/unix/f2c/src/malloc.c:157:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(f1, f, s1); data/iraf-2.16.1+2018.11.01/unix/f2c/src/malloc.c:162:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, f, s1); data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MEMBSIZE]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/memset.c:49:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s1, s2, n) char *s1, *s2; int n; data/iraf-2.16.1+2018.11.01/unix/f2c/src/memset.c:51:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(char *s1, char *s2, int n) data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[32]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:95:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(errbuf, "malloc(%d) failure!", n); data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:356:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100], *s0; data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:369:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "integer constant %.*s truncated.", data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:392:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[20]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:424:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[64]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:726:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)(q = ckalloc(n)), (char *)p, n); data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1268:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!(f = fopen(fname, binread))) { data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1272:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(b = fopen(bname, binwrite))) { data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1334:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1338:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "integer constant %.*s truncated.", n0, s0); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:68:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[100]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:72:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. { strcpy (buff, "real");break; } data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:73:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case TYDREAL: strcpy (buff, "doublereal"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:75:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buff, "/* Complex */ VOID"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:77:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buff, "complex"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:80:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buff, "/* Double Complex */ VOID"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:82:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buff, "doublecomplex"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:96:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buff, "/* Character */ VOID"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:98:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (buff, "char"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:101:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYUNKNOWN: strcpy (buff, "UNKNOWN"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:111:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYSUBR: strcpy (buff, "/* Subroutine */ int"); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:113:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYERROR: strcpy (buff, "ERROR"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:114:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYVOID: strcpy (buff, "void"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:115:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYCILIST: strcpy (buff, "cilist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:116:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYICILIST: strcpy (buff, "icilist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:117:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYOLIST: strcpy (buff, "olist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:118:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYCLLIST: strcpy (buff, "cllist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:119:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYALIST: strcpy (buff, "alist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:120:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case TYINLIST: strcpy (buff, "inlist"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:121:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case TYFTNLEN: strcpy (buff, "ftnlen"); break; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:122:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf (buff, "BAD DECL '%d'", type); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:245:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[CONST_IDENT_MAX]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:256:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "ci1_b%ld", litp -> litnum); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:258:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "ci1_n%ld", -val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:260:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "ci1__%ld", val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:265:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (buf, "cs_b%ld", litp -> litnum); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:267:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "cs_n%ld", -val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:269:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "cs__%ld", val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:277:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "c_b%ld", litp -> litnum); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:279:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "c_n%ld", -val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:281:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "c__%ld", val); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:309:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "c_b%ld", litp -> litnum); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:324:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[12]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:326:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", count); data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:394:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)&cb.Const, (char *)&litp->litval, data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:511:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *Extern[4] = {"", "Extern ", "extern "}; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:675:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[USER_LABEL_MAX + 1]; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:676:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *Lfmt[2] = { "L_%ld", "L%ld" }; data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:696:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[IDENT_LEN];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:720:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[IDENT_LEN];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/names.c:761:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). c_file = of = fopen(outbuf,textwrite);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char opeqable[sizeof(opcode_table)/sizeof(table_entry)];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:474:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char real_buf[50], imag_buf[50];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:880:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[8], *s;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1415:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1424:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tr_tab[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/p1output.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdsbuf0[64], cdsbuf1[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char low_input[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:357:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char low_prefix[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:358:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char low_string[MAX_INPUT_SIZE];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:495:7: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). L = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:506:7: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). L = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:517:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(long *)store = atol(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:552:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **place = (char **) arg_result_ptr (table[index]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:26:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Ptok[128], Pct[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], cbuf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:701:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:762:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:884:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (!(pf = fopen(fname, textread))) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[MAXNAMELEN+4];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], badname[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:727:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char dflttype[26];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:797:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(rs->user.ident, "ret_val");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[256], *s0;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1682:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/put.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdsbuf0[64], cdsbuf1[64], *ds[2];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/put.c:422:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gmem(len,0), strp, len);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:101:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ei_next, ei_first, k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:530:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; /* buffer for text of comment */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1388:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[208], buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[208], buf1[32], buf2[32];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:1992:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment_buf[80];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/putpcc.c:2141:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wh_next, wh_first, k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *s, *t;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volname[512], f2c[24], fsname[512], *name1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:149:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. i = sprintf(f2c, "%x", _getpid());
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:153:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f2c, "f2c_");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:192:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tdbuf[L_TDNAME];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:209:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tdbuf, "/tmp/f2ctd_XXXXXX");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:210:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). f = mkstemp(tdbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:225:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(tdbuf, "/tmp/f2ctd_XXXXXX");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:433:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escapes[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:436:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str_fmt[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:437:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *str0fmt[127] = { /*}*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:439:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str_fmt[Table_size] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:460:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chr_fmt[Table_size];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:461:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *chr0fmt[127] = { /*}*/
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:463:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chr_fmt[Table_size] = {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:486:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *str1fmt[6] =
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:500:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str_fmt[i] = s, "\\%03o", i);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:596:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:623:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32000];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:649:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(mb->buf, x0, n = x-x0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:65:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memcpy(), *memset();
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:69:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #ifndef atol
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.h:70:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long atol();
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdeptest.c:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdeptest.c:19:3: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
mkstemp(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdsbuf0[64], cdsbuf1[64];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:112:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[20];
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:123:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "v.%ld", mem);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:127:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "L%ld", mem);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:131:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "q.%ld", mem+eqvstart);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/vax.c:392:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
d[i] = mkchain((char *)q, d[i]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/xsum.c:226:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). x = open(s, O_RDONLY|O_BINARY);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:110:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ncols = px = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:112:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nrows = py = atoi (argv[++i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:121:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
red[0] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:126:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). green[0] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:131:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blue[0] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:137:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). red[1] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:142:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). green[1] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:147:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
blue[1] = atoi (argv[i]);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:172:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdi = (infile[index] ? fopen (infile[index], "r") : stdin);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:185:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdo = fopen (fname, "w+");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:444:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define tab_suffixof(i) ((unsigned char *)(htab))[i]
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2gif.c:485:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char accum[256]; /* Define the storage for the packet accumulator */
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:113:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
case 'w': width = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:114:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'h': height = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:115:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': pen_width = atoi (argv[++argno]); break;
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2svg.c:132:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char penparam[SZ_PENCMD];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:276:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
in = fopen (infile, "r");
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:483:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[SZ_PENCMD+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:520:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:521:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[32];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uapl.c:522:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[32];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:192:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char progname[SZ_LINE+1];
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char penparam[SZ_PENCMD]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:278:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2ueps.c:472:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[SZ_PENCMD+1]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhpgl.c:74:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:129:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf_rast [SZ_RAST]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:218:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf [SZ_VECT]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:75:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define DECL_OBUF register char *op; char *np; char obuf[SZ_OBUF+1]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char penparam[SZ_PENPARAM]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uimp.c:171:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:27:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
px = atoi (argv[1]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:28:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). py = atoi (argv[2]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uptx.c:35:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpi = fopen (argv[index], "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char penparam[SZ_PENCMD]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:157:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen (infile, "r"); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:286:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[SZ_PENCMD+1]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:74:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). px = atoi (argv[++i]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:76:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). py = atoi (argv[++i]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2xbm.c:97:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = (infile[index] ? fopen (infile[index], "r") : stdin); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:62:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char temp[4]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:98:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[2]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:127:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_val = atoi (argv[++argno]); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgiUtil.c:129:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_val = atoi (argv[argno]+2); data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpath[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char translator[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:52:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (translator, ".e"); data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:4:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). define FIRST_FD 10 # first open file descriptor data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:34:32: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define MAX_CLGFILPAR 10 # max open params for CLGFIL data/iraf-2.16.1+2018.11.01/unix/hlib/config.h:41:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define MT_MAXTAPES 2 # maximum open tape drives data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:138:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define open xfopen data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:139:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). define open xfopen data/iraf-2.16.1+2018.11.01/unix/hlib/libc/finfo.h:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_owner[SZ_OWNERSTR*sizeof(XLONG)]; data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:55:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define atoi u_atoi data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:56:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define atol u_atol data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:65:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen u_fopen data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:134:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extern struct _iobuf *fopen (char *fname, char *modestr); data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:161:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extern int atoi (char *str); data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:254:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extern long atol (char *str); data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:94:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fopen(); data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f_name[SZ_FNAME]; /* file name */ data/iraf-2.16.1+2018.11.01/unix/os/alloc.c:252:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ufp = fopen ("/var/run/utmp", "r")) == NULL) { data/iraf-2.16.1+2018.11.01/unix/os/getproc.c:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:27:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char pathname[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:61:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ((char *)ldir, "host"); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:65:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ((char *)ldir, "iraf"); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:73:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (pathname, "bin"); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:82:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (pathname, "hlib/"); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:90:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (pathname, "bin."); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:100:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (pathname, "bin/"); data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:107:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (pathname, "lib/"); data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[LINSIZ+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:20:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hostaddr[MAXADDRSIZE]; data/iraf-2.16.1+2018.11.01/unix/os/net/ghostent.c:22:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *host_aliases[MAXALIASES]; data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:22:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char hostdb[SZ_FNAME+1] = HOSTDB; data/iraf-2.16.1+2018.11.01/unix/os/net/hostdb.c:34:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ((char *)osfn, "/etc/hosts"); data/iraf-2.16.1+2018.11.01/unix/os/net/in.h:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sin_zero[8]; data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:176:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:279:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ((char *)pkname, "LOGNAME"); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:285:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (osfn, ":udd:"); data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:151:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[80]; data/iraf-2.16.1+2018.11.01/unix/os/net/socket.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sa_data[14]; /* up to 14 bytes of direct address */ data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[SZ_NAME+1], password[SZ_NAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uname[SZ_FNAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:129:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (uname, "USER"); data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[SZ_LINE+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wbuf[SZ_NAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:219:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/iraf-2.16.1+2018.11.01/unix/os/net/zfioks.c:232:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mtdev[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char o_mtdev[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iobuf[SZ_IOBUF]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cmdbuf[SZ_COMMAND]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:65:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tokbuf[SZ_COMMAND]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:66:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char logfile[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lbuf[256]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:109:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (logfile, "tape.out"); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:170:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logfp = fopen (logfile, "a")) == NULL) data/iraf-2.16.1+2018.11.01/unix/os/tape.c:180:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(token = gettok()) || (fp=fopen(token,"r")) == NULL) data/iraf-2.16.1+2018.11.01/unix/os/tape.c:209:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tape = open (mtdev, t_acmode = data/iraf-2.16.1+2018.11.01/unix/os/tape.c:239:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mtop (MTFSF, (token = gettok()) ? atoi(token) : 1); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:241:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mtop (MTFSR, (token = gettok()) ? atoi(token) : 1); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:243:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mtop (MTBSF, (token = gettok()) ? atoi(token) : 1); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:245:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mtop (MTBSR, (token = gettok()) ? atoi(token) : 1); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:250:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nrec = (token = gettok()) ? atoi(token) : 1; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:251:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nbytes = rbufsz = (token = gettok()) ? 
atoi(token) : rbufsz; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:264:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[512]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:282:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nrec = (token = gettok()) ? atoi(token) : 1; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:283:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nbytes = wbufsz = (token = gettok()) ? atoi(token) : wbufsz; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:291:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (iobuf, "file %d, record %d\n", data/iraf-2.16.1+2018.11.01/unix/os/tape.c:412:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prompt[32]; data/iraf-2.16.1+2018.11.01/unix/os/tape.c:433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[512];
data/iraf-2.16.1+2018.11.01/unix/os/tape.c:435:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (obuf, "status %d (%d)\n", status, errno);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dev, devname[SZ_FNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:137:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ((char *)owner, "%d", uid);
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:156:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ufp = fopen ("/var/run/utmp", "r")) == NULL) {
data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:197:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat ((char *)cmd, " -s ");
data/iraf-2.16.1+2018.11.01/unix/os/zawset.c:80:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_wss = atoi(s) * 1024*1024;
data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_TESTBLOCK];
data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c:99:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ((char *)fname, O_RDONLY);
data/iraf-2.16.1+2018.11.01/unix/os/zfaloc.c:69:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char patstr[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfchdr.c:24:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfgcwd.c:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname[1025];
data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c:74:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char owner[SZ_OWNERSTR+1];
data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c:85:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf ((char *)fs->fi_owner, "%d", osfile.st_uid);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:81:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open ((char *)osfn, O_RDONLY|O_NDELAY)) != ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:85:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open ((char *)osfn, O_WRONLY|O_NDELAY)) != ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:90:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ((char *)osfn, O_RDWR);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:98:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ((char *)osfn, O_RDWR);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:111:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ((char *)osfn, O_RDWR);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:144:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (!vm_access ((char *)osfn, *mode))
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:410:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char vm_client[SZ_CNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:432:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:502:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = atoi (buf);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:521:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_COMMAND];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:522:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:572:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = atoi (buf);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:589:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_CMDBUF];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:603:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "reservespace %ld\n", nbytes);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:619:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = atoi (buf);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:630:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SZ_CMDBUF];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:675:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[SZ_FNAME], value[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:677:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argp, buf[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:688:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vm_port = atoi (argp);
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:755:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char osfn[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:766:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (osfn, "inet:%d::", vm_port);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:155:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char debug_file[64] = ""; /* debug output file if nonnull */
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[SZ_NAME+1], username[SZ_NAME+1], password[SZ_NAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:202:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:284:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((debug_fp = fopen (debug_file, "a")) == NULL)
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:450:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/null", O_RDONLY); close(0); dup(fd); close(fd);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:451:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/console", O_WRONLY); close(1); dup(fd); close(fd);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:452:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/console", O_WRONLY); close(2); dup(fd); close(fd);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:551:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (obuf, "%d.%d.%d.%d", ap[0],ap[1],ap[2],ap[3]);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:596:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localhost[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:597:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char callback_cmd[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:654:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[SZ_LINE], *nretryp;
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:680:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nretries = atoi(nretryp);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1139:6: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy((char *)hp->h_addr,(char *)&sockaddr.sin_addr, hp->h_length);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1227:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1229:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (obuf, "%d", ival);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1361:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *header[MAX_HEADERLINES];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1374:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbuf[SZ_SBUF];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1397:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1398:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sysfile[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1399:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[SZ_PATHNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1400:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[SZ_NAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1419:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (fname, ".OLD");
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1547:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((authp = getenv(KSAUTH)) && (auth = atoi(authp)))
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1641:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1642:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1653:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (filename, "r")) == NULL)
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1704:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi (ip);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1751:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->port = atoi (word + 5);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1753:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->auth = atoi (word + 5);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1755:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->hiport = atoi (word + 7);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1757:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->timeout = atoi (word + 8);
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1904:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char password[SZ_NAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1905:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[80];
data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1909:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tty = open ("/dev/tty", O_RDWR)) == ERR)
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:61:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spoolfile[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:67:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lpstr[SZ_LPSTR+1]; /* save zopnlp argument */
data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:135:16: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  if ((fd = mkstemp (lpr.spoolfile)) >= 0) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:192:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char density[SZ_FNAME]; /* tape density, bpi */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:193:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devtype[SZ_FNAME]; /* drive type */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:194:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tapetype[SZ_FNAME]; /* tape type */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:195:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statusdev[SZ_FNAME]; /* status output device */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:217:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iodev[SZ_FNAME]; /* i/o device */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:218:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nr_device[SZ_FNAME]; /* no-rewind-on-close device */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:219:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rw_device[SZ_FNAME]; /* rewind-on-close device */
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:591:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (bufp, "[NULLFILE]");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:959:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tty && (tty = fopen (CONSOLE, "a")) != NULL) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1038:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[SZ_PATHNAME+1];
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1047:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (dev, u_acmode);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1057:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (path, u_acmode);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1061:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (path, "/dev/");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1063:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open (path, u_acmode)) == ERR) {
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1068:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy (path, "/dev/rmt/");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1070:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (path, u_acmode);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1112:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dp->devtype, "generic");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1113:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dp->tapetype, "unknown");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1636:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mp->mtdev.statusout = fopen (mp->mtdev.statusdev, "a");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1641:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1669:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mp->mtdev.statusout = fopen (mp->mtdev.statusdev, "a");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1689:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (host, "localhost");
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1692:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = (isdigit(*ip)) ? atoi(ip) : DEFPORT;
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1716:6: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy ((char *)hp->h_addr,(char *)&sockaddr.sin_addr, hp->h_length);
data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1811:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[SZ_LINE];
data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:145:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path1[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path2[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:176:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_NAME*2]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:177:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flag[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_str[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:208:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi (port_str); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:220:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (host_str, "localhost"); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:226:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (hp->h_addr, (char *)&host_addr, sizeof(host_addr)); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chan_str[SZ_NAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:252:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). channel = atoi (chan_str); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:313:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open (np->path1, O_RDONLY|O_NDELAY)) != ERR) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:325:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (np->path2, O_WRONLY|O_NDELAY)) != ERR) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:346:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&host_addr, (char *)&sockaddr.sin_addr, data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:388:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd1 = open (np->path1, O_RDONLY|O_NDELAY)) != ERR) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:390:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd2 = open (np->path2, O_WRONLY|O_NDELAY)) != ERR) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:558:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd1 = open (np->path2, O_RDONLY|O_NDELAY)) != -1) { data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:559:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd2 = open (np->path2, O_WRONLY|O_NDELAY)) != -1) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:565:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd1 = open (np->path1, O_RDONLY|O_NDELAY)) == -1) data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:574:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). keepalive = open (np->path1, O_WRONLY); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:742:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[SZ_OBUF]; data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spoolfile[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:59:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plstr[SZ_PLSTR+1]; /* save zopnpl argument */ data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:126:16: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((fd = mkstemp (pltr.spoolfile)) >= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:107:17: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. while ((*pid = vfork()) == ERR) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:249:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[SZ_TTYIBUF], *ip; data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:375:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char obuf[SZ_TTYOBUF], *op; data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:152:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). } else if ((fp = fopen ((char *)osfn, fmode)) == NULL) data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:358:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[1024]; data/iraf-2.16.1+2018.11.01/unix/os/zfmkdr.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osdir[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link_name[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zfprot.c:53:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcat (link_name, &((char *)fname)[first]); data/iraf-2.16.1+2018.11.01/unix/os/zfrmdr.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osdir[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zghost.c:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zghost.c:22:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)outstr)[*maxch] = EOS; data/iraf-2.16.1+2018.11.01/unix/os/zglobl.c:16:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char os_process_name[SZ_PROCNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zglobl.c:19:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char oscwd[SZ_PATHNAME+1] = ""; data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:106:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *home, hpath[SZ_PATHNAME+1], *rpath, *lpath; data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:142:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lpath, " -I"); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:144:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lpath, "include"); data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char os_process_name[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char osfn_bkgfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:118:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:120:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fname, "%d.in", getpid()); data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:122:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fname, "%d.out", getpid()); data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:154:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcpy ((char *)osfn_bkgfile, argv[arg]); data/iraf-2.16.1+2018.11.01/unix/os/zopdir.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char osfn[SZ_PATHNAME+1]; data/iraf-2.16.1+2018.11.01/unix/os/zopdir.c:187:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)outstr)[nchars] = EOS; data/iraf-2.16.1+2018.11.01/unix/os/zopdpr.c:95:16: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. 
while ((pid = vfork()) == ERR) { data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:69:20: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. while ((pid = vfork()) == ERR) data/iraf-2.16.1+2018.11.01/unix/os/zoscmd.c:86:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (sin, O_RDONLY); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[512]; data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:39:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (msg, "PANIC in `"); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:41:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (msg, "': "); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:51:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open ("/dev/console", O_WRONLY); data/iraf-2.16.1+2018.11.01/unix/os/zxwhen.c:347:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)errmsg)[*maxch] = EOS; data/iraf-2.16.1+2018.11.01/unix/os/zzdbg.c:148:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf ("%c", (char )msg[i]); data/iraf-2.16.1+2018.11.01/unix/os/zzpstr.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/iraf-2.16.1+2018.11.01/unix/os/zzpstr.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/iraf-2.16.1+2018.11.01/unix/os/zzpstr.c:105:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open (LOGFILE, O_CREAT|O_WRONLY|O_APPEND, 0644)) < 0) data/iraf-2.16.1+2018.11.01/unix/os/zzpstr.c:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[1024]; data/iraf-2.16.1+2018.11.01/unix/os/zzstrt.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char os_process_name[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zzstrt.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char osfn_bkgfile[SZ_PATHNAME]; data/iraf-2.16.1+2018.11.01/unix/os/zzstrt.c:58:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (os_process_name, "%d", getpid()); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:100:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((fptr->Fptr)->iobuffer + (nbuff * IOBUFLEN) + bufpos, cptr, nspace); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:148:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((fptr->Fptr)->iobuffer + (nbuff * IOBUFLEN), cptr, ntodo); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:168:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((fptr->Fptr)->iobuffer + ((fptr->Fptr)->curbuf * IOBUFLEN) + bufpos, cptr, nwrite); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:223:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioptr, cptr, nwrite); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:235:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioptr, cptr, nwrite); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:261:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioptr, cptr, nwrite); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:273:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioptr, cptr, nwrite); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:352:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cptr, (fptr->Fptr)->iobuffer + ((fptr->Fptr)->curbuf * IOBUFLEN) + bufpos, nread); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:407:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cptr, ioptr, nread); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:418:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cptr, ioptr, nread); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:452:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(cptr, ioptr, nread); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:463:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cptr, ioptr, nread); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:653:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char zeros[IOBUFLEN]; /* initialized to zero by default */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/buffers.c:1135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char prefix[MAX_PREFIX_LEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:30:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(char *filename, int rwmode, int *driverhandle); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char urltype[MAX_PREFIX_LEN], infile[FLEN_FILENAME], outfile[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extspec[FLEN_FILENAME], rowfilter[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binspec[FLEN_FILENAME], colspec[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagecolname[FLEN_VALUE], rowexpress[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *url, errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:137:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *hdtype[3] = {"IMAGE", "TABLE", "BINTABLE"};
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:160:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "memkeep://"); /* URL type for pre-existing memory file */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:559:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char urltype[MAX_PREFIX_LEN], infile[FLEN_FILENAME], outfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:560:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char origurltype[MAX_PREFIX_LEN], extspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:561:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extname[FLEN_VALUE], rowfilter[FLEN_FILENAME], tblname[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:562:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char imagecolname[FLEN_VALUE], rowexpress[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:563:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char binspec[FLEN_FILENAME], colspec[FLEN_FILENAME], pixfilter[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:564:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char histfilename[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:565:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filtfilename[FLEN_FILENAME], compspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:566:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char wtcol[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:567:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char minname[4][FLEN_VALUE], maxname[4][FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:568:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char binname[4][FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:574:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colname[4][FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:575:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:576:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *hdtype[3] = {"IMAGE", "TABLE", "BINTABLE"};
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:647:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:786:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (driverTable[driver].open)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:789:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    *status = (*driverTable[driver].open)(infile, mode, &handle);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1108:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_1"); /* create image file in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1159:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_1"); /* will create copy in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1195:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_2"); /* will create file in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1261:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_2"); /* will create copy in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1303:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_3"); /* create histogram in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1343:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(outfile, "mem://_4"); /* create in memory */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1487:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char oldurltype[MAX_PREFIX_LEN], oldinfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1488:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char oldextspec[FLEN_FILENAME], oldoutfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1489:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char oldrowfilter[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1490:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char oldbinspec[FLEN_FILENAME], oldcolspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1491:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cwd[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1492:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmpStr[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1493:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmpinfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1862:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colname[FLEN_VALUE], oldname[FLEN_VALUE], colformat[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2443:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buffer[30000];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2449:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char templt[FLEN_CARD] = "";
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2710:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buffer[30000];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2712:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tformchar, tform[20], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2714:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filename[FLEN_FILENAME+20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2923:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(filename, "HISTORY ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3073:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *cptr, keyname[FLEN_KEYWORD], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3401:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char token[FLEN_VALUE], *tstbuff=0;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3442:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    *secmin = atol(token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3464:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    *secmax = atol(token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3489:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    *incre = atol(token);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3727:23: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tilesize[ii] = atol(ptr1); /* read the integer value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3842:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char urltype[MAX_PREFIX_LEN], outfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3843:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmplfile[FLEN_FILENAME], compspec[80];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3883:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4070:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char urltype[MAX_PREFIX_LEN];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4085:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "memkeep://"); /* URL type for pre-existing memory file */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4182:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(((*fptr)->Fptr)->filename, "memfile"); /* dummy filename */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:4205:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cval[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5034:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    int (*open)(char *filename, int rwmode, int *driverhandle),
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5080:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    driverTable[no_of_drivers].open = open;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5204:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "stdin://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5210:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "stdin://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5239:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "ftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5245:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "gsiftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5251:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "http://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5257:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5263:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "shmem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5269:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5275:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5414:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "irafmem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5560:20: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "rawstdin://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5562:20: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "rawfile://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6141:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char rootname[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6193:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char urltype[MAX_PREFIX_LEN];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6194:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char infile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6240:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "ftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6245:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "gsiftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6250:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "http://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6255:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6260:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "shmem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6418:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "stdout://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6442:14: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(urltype, "file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6530:23: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(urltype, "compressoutfile://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6557:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmpname[FLEN_VALUE], *loc;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6774:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char urltype[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6775:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char infile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6776:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char outfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6777:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6778:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char extname[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6779:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char rowfilter[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6780:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char binspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6781:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char colspec[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6782:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char imagecolname[FLEN_VALUE], rowexpress[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6890:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *lines,line[256];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6904:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if( (aFile = fopen( filename, "r" ))==NULL ) {
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6962:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *loc, tval[73];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7017:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *loc, tval[73];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7398:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7459:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char status_str[FLEN_STATUS], errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1604:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    #define STRING_cfE static char AA0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1611:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    #define STRING_cfE static char AA0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1618:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    #define STRING_cfE static char A0[1+MAX_LEN_FORTRAN_FUNCTION_STRING]; \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2171:42: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    ((B=_cf_malloc(D+1))[D]='\0', memcpy(B,A,D), kill_trailing(B,' '))
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2207:36: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    #define RRRRPSTR( A,B,D) if (B) memcpy(A,B, _cfMIN(strlen(B),D)), \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2314:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(AS->dsc$a_pointer,A0,_cfMIN(AS->dsc$w_length,(A0==NULL?0:strlen(A0))));\
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2321:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(_fcdtocp(AS),A0, _cfMIN(_fcdlen(AS),(A0==NULL?0:strlen(A0))) ); \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2326:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    #define STRING_cfK memcpy(AS,A0, _cfMIN(D0,(A0==NULL?0:strlen(A0))) ); \
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char asc[32];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cbuf[16];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:188:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char datestr[20], checksum[FLEN_VALUE], datasum[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:189:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char comm[FLEN_COMMENT], chkcomm[FLEN_COMMENT], datacomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:201:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(chkcomm, "HDU checksum updated ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:203:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(datacomm, "data unit checksum updated ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:211:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(checksum, "0000000000000000");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:226:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(checksum, "0000000000000000");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:276:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(checksum, "0000000000000000");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:324:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char datestr[20], chkcomm[FLEN_COMMENT], comm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:325:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char checksum[FLEN_VALUE], datasum[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:337:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(chkcomm, "HDU checksum updated ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:359:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(checksum, "0000000000000000"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/checksum.c:418:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chksum[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char file_outfile[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[2880]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempname[1024], *cptr, user[80]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:182:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mode, "r+b"); /* open existing file with read-write */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:186:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mode, "rb"); /* open existing file readonly */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:192:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *diskfile = fopen(filename, mode, "rfm=fix", "mrs=2880", "ctx=stm"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:242:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
*diskfile = fopen(tempname, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:247:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *diskfile = fopen(filename, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:260:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f1 = fopen(filename, "rb")) != 0) /* try opening READONLY */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:267:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tempname, ".TmxFil"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:268:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f2 = fopen(tempname, "wb")) != 0) /* create temp file */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:291:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
*diskfile = fopen(filename, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:305:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *diskfile = fopen(filename, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:320:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FLEN_FILENAME], absURL[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:325:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootstring[256], rootstring2[256]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:326:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char username[FLEN_FILENAME], userroot[FLEN_FILENAME], userroot2[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:425:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mode, "w+b"); /* create new file with read-write */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:427:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, "r"); /* does file already exist? */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:438:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, mode, "rfm=fix", "mrs=2880", "ctx=stm"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:440:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:712:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outdiskfile = fopen(file_outfile, "r"); /* does file already exist? 
*/ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:724:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outdiskfile = fopen(cptr, "w+b"); /* create new file */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:763:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfilename[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:773:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".gz"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:778:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".bz2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:783:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".Z"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:787:11: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".z"); /* it's often lower case on CDROMs */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:791:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".zip"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:795:15: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,"-z"); /* VMS suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:799:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,"-gz"); /* VMS suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:853:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(urltype, "compressmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:858:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "compressfile://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:870:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "compress://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char stdin_outfile[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:138:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(mode, "w+b"); /* create file with read-write */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:140:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, "r"); /* does file already exist? */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:151:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, mode, "rfm=fix", "mrs=2880", "ctx=stm"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:153:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). diskfile = fopen(filename, mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:298:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"stdinfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:419:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memptr, simple, 6); /* copy "SIMPLE" to buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[RECBUFLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:497:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(recbuf, simple, 6); /* copy "SIMPLE" to buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:570:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootfile[FLEN_FILENAME], *cptr = 0, *cptr2 = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:1177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:1229:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( *(memTable[hdl].memaddrptr) + memTable[hdl].currentpos, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:1246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[8192]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:205:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char netoutfile[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:281:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contentencoding[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:283:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contentencoding[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:498:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (NULL == (diskfile = fopen(netoutfile,"r"))) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:560:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contentencoding[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:561:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:634:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (NULL == (outfile = fopen(netoutfile,"w"))) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:734:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:735:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:736:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr1[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:737:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr2[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:738:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proto[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:740:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:741:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userpass[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:742:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char turl[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:750:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pproto[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:751:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phost[SHORTLEN]; /* address of the proxy server */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfn[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:757:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(turl,"http://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:930:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(contentencoding,"ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:951:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(contentencoding,"https://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errStr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1077:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errStr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1178:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(inmem->memory[inmem->size]), buffer, transferSize); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1188:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errStr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1189:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char agentStr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curlErrBuf[CURL_ERROR_SIZE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1241:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urlname, "https://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1246:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(urlname, ".gz"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1283:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urlname, "https://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1324:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urlname, "https://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1508:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1585:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (NULL == (outfile = fopen(netoutfile,"w"))) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1774:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (NULL == (diskfile = fopen(netoutfile,"r"))) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1842:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1843:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1844:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1845:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proto[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1846:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1850:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1855:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char turl[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1866:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(turl,"ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1950:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpstr,"CWD /\r\n"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1956:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpstr,"CWD /\r\n"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proto[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2130:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char turl[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2146:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(turl,"ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2232:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpstr,"CWD /\r\n"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2238:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpstr,"CWD /\r\n"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2523:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(proto,"http:"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2524:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(host,"localhost"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2536:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(proto,"ftp:"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newinfile[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2636:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contentencoding[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2641:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"http://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2658:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2687:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(newinfile,".gz"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2698:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2709:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftpmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2713:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpcompress://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2715:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2746:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(newinfile,".Z"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2757:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(urltype, "ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2768:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftpmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2772:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpcompress://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2774:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2805:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2816:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftpmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2821:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2856:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "httpmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2862:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2869:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpcompress://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2871:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2874:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(urltype,"httpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2884:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"https://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2896:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpsmem://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2898:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"httpsfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2907:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newinfile[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2916:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftp://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2927:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(newinfile,".gz"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2941:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(newinfile,".Z"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2979:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype, "ftpmem://"); /* use special driver */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2986:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpcompress://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2988:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2991:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(urltype,"ftpfile://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3004:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN], errorstr[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3056:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localhost[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3070:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &addr, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3281:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3351:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstr[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proto[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3354:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SHORTLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3355:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char turl[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3369:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(turl,"root://"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3532:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recbuf[MAXLEN]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3563:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,recbuf,len); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:171:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000], *p; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:180:65: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (NULL != (p = getenv(SHARED_ENV_KEYBASE))) shared_kbase = atoi(p); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:185:65: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (NULL != (p = getenv(SHARED_ENV_MAXSEG))) shared_maxseg = atoi(p); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:196:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). shared_fd = open(buf, O_TRUNC | O_EXCL | O_CREAT | O_RDWR, shared_create_mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:199:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { shared_fd = open(buf, O_TRUNC | O_RDWR, shared_create_mode); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:469:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { shmdt((char *)(shared_lt[idx].p)); /* cannot attach process, detach everything */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:476:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { if (shmdt((char *)(shared_lt[idx].p))) r = SHARED_IPCERR; /* if segment is resizable, then detach segment */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:571:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy((void *)(bp + 1), (void *)((shared_lt[idx].p) + 1), transfersize);

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:572:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (shmdt((char *)(shared_lt[idx].p))) r = SHARED_IPCERR; /* try to detach old segment */

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:594:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (shmdt((char *)(shared_lt[idx].p))) /* if, we are the last thread, try to detach segment */

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:654:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { if (shmdt((char *)(shared_lt[idx].p))) r = SHARED_IPCERR; /* segment is resizable, then detach segment */

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:743:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char segname[10];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:753:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *address = ((char *)(((DAL_SHM_SEGHEAD *)(shared_lt[i].p + 1)) + 1));

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:943:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer,

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:944:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)(((DAL_SHM_SEGHEAD *)(shared_lt[driverhandle].p + 1)) + 1)) +

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:965:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((char *)(((DAL_SHM_SEGHEAD *)(shared_lt[driverhandle].p + 1)) + 1)) +

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:965:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  memcpy(((char *)(((DAL_SHM_SEGHEAD *)(shared_lt[driverhandle].p + 1)) + 1)) +

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.h:85:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char ID[2]; /* ID = 'JB', just as a checkpoint */

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[FLEN_COMMENT], keyname[FLEN_KEYWORD], message[FLEN_ERRMSG];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:170:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment,"length of data axis");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:189:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "offset data range to that of unsigned short");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:191:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "default scaling factor");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:196:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "offset data range to that of unsigned long");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:198:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comment, "default scaling factor");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:309:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:493:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:622:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1066:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tfm[FLEN_VALUE], keyname[FLEN_KEYWORD], comm[FLEN_COMMENT], *cptr;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1209:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "label for field");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1213:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "format of field");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1230:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "offset for signed bytes");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1235:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "data are not scaled");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1250:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "offset for unsigned integers");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1255:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "data are not scaled");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1270:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "offset for unsigned integers");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1275:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "data are not scaled");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1290:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "beginning column of field");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1317:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tfm[FLEN_VALUE], keyname[FLEN_KEYWORD], tcode[2];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1505:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD], ttype[FLEN_VALUE], tform[FLEN_VALUE];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1506:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ttype_comm[FLEN_COMMENT],tform_comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1578:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tform, "1J");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1581:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tform, "1I");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1584:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tform,"1E");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1587:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tform,"1D");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1876:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD], ttype[FLEN_VALUE], tform[FLEN_VALUE];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1877:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ttype_comm[FLEN_COMMENT],tform_comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1883:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ttypes[1000], *tforms[1000], keyarr[1001][FLEN_CARD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2160:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2161:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[FLEN_VALUE], comment[FLEN_COMMENT], card[FLEN_CARD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD], comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2321:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[10000], cfill;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2448:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[10000];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2559:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rec[FLEN_CARD], q[FLEN_KEYWORD], newkey[FLEN_KEYWORD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2636:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[shftbuffsize];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *card, comm[FLEN_COMMENT];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:188:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "IMAGE extension");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:198:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "number of random group parameters");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:201:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "number of random groups");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:220:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "file does conform to FITS standard");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:231:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(comm, "FITS dataset may contain extensions");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:276:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2880];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:333:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2880];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:397:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG], card[FLEN_CARD], naxiskey[FLEN_KEYWORD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:487:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(naxiskey, "NAXIS");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:564:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG], extnm[FLEN_VALUE];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/edithdu.c:701:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG], extnm[FLEN_VALUE];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_defs.h:27:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXVARNAME+1];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_defs.h:45:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[MAX_STRLEN];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:527:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[81], tform[16], nullKwd[9], tdimKwd[9];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:612:32: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case TLONG: strcpy(tform,"I11"); break;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:613:32: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case TDOUBLE: strcpy(tform,"D23.15"); break;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1125:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  case TSTRING: (*(char **)Null)[0] = '\1';

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1126:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*(char **)Null)[1] = '\0'; break;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1322:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( *(char **)Null, zeros, 2 );

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1324:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( Null, zeros, datasize );

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1359:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[80];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:1991:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parName[256], *sPtr[1], found[1000];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2186:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[80];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2243:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[80];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2433:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyvalue[FLEN_VALUE], dtype;

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2521:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **bitStrs, msg[80];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2605:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2695:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1003:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstring[256];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1004:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitstring[256];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1007:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[100];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1009:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (errMsg,"Bit string exceeds maximum length: '");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1011:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (errMsg,"...'");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1067:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstring[256];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1068:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitstring[256];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1071:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[100];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1073:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (errMsg,"Hex string exceeds maximum length: '");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1075:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (errMsg,"...'");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1161:32: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fflval.lng = atol(fftext);

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1223:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[100];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1225:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (errMsg,"String exceeds maximum length: '");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1227:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (errMsg,"...'");

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2400:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[MAXVARNAME+25];

data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2409:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (errMsg,"Unable to find data: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2424:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (errMsg,"Bad datatype for data: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_tab.h:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAX_STRLEN]; /* string value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:168:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &fflval, &(value), sizeof(value) ); \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAX_STRLEN]; /* string value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1677:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *ffarg[FFERROR_VERBOSE_ARGS_MAXIMUM]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1694:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ffformat[sizeof ffunexpected data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1884:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ffmsgbuf[128]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:3846:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &(this->value.data), value, len ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4121:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[100]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xcol[20], xexpr[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:4191:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
hdunum = atoi( fname ) + 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:6011:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pNull[MAXSUBS]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7672:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (char*)this->value.data.strptr[0] data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7683:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( this->value.undef + row*this->value.nelem, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7686:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (char*)this->value.data.ptr data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7776:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (char*)this->value.data.strptr[0] data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7785:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( this->value.undef + row*this->value.nelem, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7788:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( (char*)this->value.data.ptr data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_str, src_str+pos-1, nsub); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8358:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_str, src_str+pos-1, dest_len); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap.h:109:64: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ((B=(char*)malloc(_cfMAX(D,gMinStrLen)+1))[D]='\0',memcpy(B,A,D), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap1.c:317:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fptr = fopen(fname, "a"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:264:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:286:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:311:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:336:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:361:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:387:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[21]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:54:71: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int doencode(char *outfile, int a[], int nx, int ny, unsigned char nbitplanes[3]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:55:78: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int doencode64(char *outfile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:595:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char code_magic[2] = { (char)0xDD, (char)0x99 }; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:610:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nbitplanes[3]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:772:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nbitplanes[3]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:937:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:956:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[8]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:979:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&file[noutchar], buffer, n); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:999:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. doencode(char *outfile, int a[], int nx, int ny, unsigned char nbitplanes[3]) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hcompress.c:1038:66: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. doencode64(char *outfile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:63:78: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static int dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:64:85: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1041:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char code_magic[2] = { (char)0xDD, (char)0x99 }; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1054:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nbitplanes[3]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1055:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmagic[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1100:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char nbitplanes[3]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1101:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmagic[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1153:67: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dodecode(unsigned char *infile, int a[], int nx, int ny, unsigned char nbitplanes[3]) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:1212:74: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dodecode64(unsigned char *infile, LONGLONG a[], int nx, int ny, unsigned char nbitplanes[3]) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:2405:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:2427:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char b[8]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fits_hdecompress.c:2452:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, &file[nextchar], n); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:225:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "OK - no error"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:228:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "non-CFITSIO program error"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:231:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "same input and output files"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:234:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "attempt to open too many files"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:237:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errtext, "could not open the named file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:240:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "couldn't create the named file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:243:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "error writing to FITS file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:246:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "tried to move past end of file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:249:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "error reading from FITS file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:252:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "could not close the file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:255:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "array dimensions too big"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:258:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "cannot write to readonly file"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:261:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "could not allocate memory"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:264:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "invalid fitsfile pointer"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:267:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "NULL input pointer"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:270:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errtext, "error seeking file position"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:273:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "invalid URL prefix"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:276:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "too many I/O drivers"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:279:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "I/O driver init failed"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:282:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "no I/O driver for this URLtype"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:285:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "parse error in input file URL"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:288:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "parse error in range list"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:291:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "bad argument (shared mem drvr)"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:294:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "null ptr arg (shared mem drvr)"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:297:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "no free shared memory handles"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:300:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "share mem drvr not initialized"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:303:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errtext, "IPC system error (shared mem)"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:306:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "no memory (shared mem drvr)"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:309:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "share mem resource deadlock"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:312:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "lock file open/create failed"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:315:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "can't resize share mem block"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:318:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "header already has keywords"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:321:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "keyword not found in header"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:324:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "keyword number out of bounds"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:327:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "keyword value is undefined"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:330:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "string missing closing quote"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:333:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errtext, "error in indexed keyword name"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:336:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errtext, "illegal character in keyword");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:339:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "required keywords out of order");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:342:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "keyword value not positive int");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:345:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "END keyword not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:348:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal BITPIX keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:351:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal NAXIS keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:354:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal NAXISn keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:357:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal PCOUNT keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:360:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal GCOUNT keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:363:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal TFIELDS keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:366:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "negative table row size");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:369:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "negative number of rows");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:372:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "named column not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:375:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal SIMPLE keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:378:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "first keyword not SIMPLE");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:381:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "second keyword not BITPIX");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:384:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "third keyword not NAXIS");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:387:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "missing NAXISn keywords");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:390:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "first keyword not XTENSION");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:393:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "CHDU not an ASCII table");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:396:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "CHDU not a binary table");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:399:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "PCOUNT keyword not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:402:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "GCOUNT keyword not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:405:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "TFIELDS keyword not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:408:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "missing TBCOLn keyword");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:411:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "missing TFORMn keyword");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:414:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "CHDU not an IMAGE extension");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:417:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal TBCOLn keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:420:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "CHDU not a table extension");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:423:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "column exceeds width of table");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:426:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "more than 1 matching col. name");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:429:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "row width not = field widths");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:432:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unknown FITS extension type");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:435:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "1st key not SIMPLE or XTENSION");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:438:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "END keyword is not blank");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:441:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "Header fill area not blank");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:444:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "Data fill area invalid");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:447:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal TFORM format code");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:450:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unknown TFORM datatype code");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:453:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal TDIMn keyword value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:456:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "invalid BINTABLE heap pointer");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:459:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unknown error status");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:468:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal HDU number");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:471:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "column number < 1 or > tfields");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:474:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "negative byte address");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:477:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "negative number of elements");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:480:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad first row number");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:483:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad first element number");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:486:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "not an ASCII (A) column");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:489:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "not a logical (L) column");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:492:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad ASCII table datatype");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:495:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad binary table datatype");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:498:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "null value not defined");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:501:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "not a variable length column");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:504:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal number of dimensions");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:507:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "1st pixel no. > last pixel no.");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:510:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "BSCALE or TSCALn = 0.");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:513:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal axis length < 1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:516:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "not group table");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:519:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "HDU already member of group");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:522:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "group member not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:525:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "group not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:528:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad group id");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:531:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "too many HDUs tracked");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:534:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "HDU alread tracked");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:537:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad Grouping option");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:540:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "identical pointers (groups)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:543:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "malloc failed in parser");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:546:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "file read error in parser");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:549:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "null pointer arg (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:552:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "empty line (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:555:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "cannot unread > 1 line");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:558:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "parser too deeply nested");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:561:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "file open failed (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:564:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "hit EOF (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:567:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad argument (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:570:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unexpected token (parser)");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:573:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad int to string conversion");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:576:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad float to string conversion");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:579:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "keyword value not integer");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:582:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "keyword value not logical");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:585:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "keyword value not floating pt");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:588:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "keyword value not double");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:591:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad string to int conversion");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:594:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad string to float conversion");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:597:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad string to double convert");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:600:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal datatype code value");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:603:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "illegal no. of decimals");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:606:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "datatype conversion overflow");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:609:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "error compressing image");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:612:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "error uncompressing image");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:615:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad date or time conversion");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:618:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "syntax error in expression");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:621:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "expression result wrong type");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:624:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "vector result too large");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:627:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "missing output column");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:630:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad data in parsed column");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:633:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "output extension of wrong type");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:636:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "WCS angle too large");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:639:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad WCS coordinate");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:642:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "error in WCS calculation");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:645:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "bad WCS projection type");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:648:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "WCS keywords not found");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:651:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unknown error status");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:657:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(errtext, "unknown error status");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:738:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char *txtbuff[errmsgsiz], *tmpbuff, *msgptr; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:739:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errbuff[errmsgsiz][81]; /* initialize all = \0 */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:899:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[FLEN_ERRMSG], testchar; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1032:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[FLEN_KEYWORD], tmpname2[FLEN_KEYWORD],*cptr; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1092:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(card, "= "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1095:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, " = "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1130:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, "HIERARCH "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1136:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, "= "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1139:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, " = "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1148:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, "= "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1220:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, " / "); /* append comment separator */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcard[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[16]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], value[140], comment[140]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1594:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tok, *suffix, *loc, tvalue[140]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1692:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(card," "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1745:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(card, "END"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1974:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(inrec, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outrec[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2211:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec[FLEN_CARD], outrec[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2625:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *form, temp[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2777:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *form, temp[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *form, temp[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3191:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cform, ".0f"); /* 0 precision to suppress decimal point */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[FLEN_VALUE]; /* temporary string to hold column name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3425:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[FLEN_VALUE], col[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3956:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4064:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xname[FLEN_VALUE], *xtension, urltype[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4432:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4693:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4694:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG], errmsg[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4910:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4911:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG], *cptr; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tvalue[FLEN_VALUE], *loc; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5492:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5594:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(snull, " "); /* maximum of 17 spaces */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5946:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buffer, message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6043:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buffer, *tbuff, comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6044:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6635:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT], keyname[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6636:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[FLEN_VALUE], newform[FLEN_VALUE], lenval[40]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6637:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6638:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char card[FLEN_CARD], comm[FLEN_COMMENT], valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blankkey[FLEN_CARD], endkey[FLEN_CARD], keyrec[FLEN_CARD] = ""; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6849:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(blankkey, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6850:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(blankkey, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6851:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(endkey, "END "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(endkey, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6918:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chfill, fill[2880]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6999:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7070:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chfill,chbuff[2880]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2880]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7788:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7983:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff1[2880], buff2[2880]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7985:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:8002:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(card, "XTENSION= 'IMAGE ' / IMAGE extension"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:8169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[20], *card1, *card5; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:8173:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(card, " "); /* append blanks to make at least 8 chars long */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9019:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9062:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Error in ffc2i evaluating string as an integer: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9080:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9123:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Error in ffc2j evaluating string as a long integer: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9184:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Error in ffc2j evaluating string as a long integer: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9221:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Error in ffc2l evaluating string as a logical: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9283:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(msg,"Error in ffc2r evaluating string as a float: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dtype, sval[81], msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9330:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Error in ffc2d evaluating string as a double: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *loc, msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9361:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Range Error in ffc2ii converting string to long int: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *loc, msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9409:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Range Error in ffc2jj converting string to longlong int: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9427:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *loc, msg[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9461:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg,"Range Error in ffc2ujj converting string to unsigned longlong int: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9559:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *loc, msg[81], tval[73]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9579:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
  strcpy(msg,"Error: Invalid string to float in ffc2rr");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9601:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg,"Error in ffc2rr converting string to float: ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9616:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg,"Error in ffc2rr converting string to float: ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9635:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *loc, msg[81], tval[73];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9655:12: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg,"Error: Invalid string to double in ffc2dd");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9676:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg,"Error in ffc2dd converting string to double: ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9691:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg,"Error in ffc2dd converting string to double: ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:342:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ttype[70]; /* column name = FITS TTYPEn keyword; */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:349:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strnull[20]; /* FITS null value string for ASCII table columns */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:350:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[10]; /* FITS tform keyword value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:413:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zcmptype[12]; /* compression type string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:464:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[70]; /* name (= TTYPEn value) of the column (optional) */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tunit[70]; /* physical unit string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:475:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tdisp[70]; /* suggested display format */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:523:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extnam[72]; /* EXTNAME of binary table extension. */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:526:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ttype[72]; /* TTYPEn of column containing the array. */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:753:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int CFITS_API ffbins(char *binspec, int *imagetype, int *haxis,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:754:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[4][FLEN_VALUE], double *minin,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:756:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:756:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:757:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE], double *weight, char *wtname,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1894:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int CFITS_API ffhist(fitsfile **fptr, char *outfile, int imagetype, int naxis,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1895:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1897:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1897:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1898:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1899:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  double weightin, char wtcol[FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1901:40: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int CFITS_API ffhist2(fitsfile **fptr, char *outfile, int imagetype, int naxis,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1902:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1904:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1904:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1905:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1906:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  double weightin, char wtcol[FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1909:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *outfile, int imagetype, int naxis,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1910:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1914:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1915:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1916:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1918:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wtcol[FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1927:60: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int CFITS_API fits_calc_binning(fitsfile *fptr, int naxis, char colname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1929:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1929:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1930:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE], int *colnum, long *haxes,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1932:61: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int CFITS_API fits_calc_binningd(fitsfile *fptr, int naxis, char colname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1934:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1934:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minname[4][FLEN_VALUE], char maxname[4][FLEN_VALUE],
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1935:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binname[4][FLEN_VALUE], int *colnum, long *haxes,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1965:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitsio.h:1966:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcol.c:821:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdummy[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcol.c:1006:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cnulval[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:234:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:412:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:669:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:670:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:1914:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:235:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:413:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:743:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:744:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:745:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:1588:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:235:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:413:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:744:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:745:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:746:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:1590:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:233:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:412:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:669:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:670:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:1816:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:233:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:411:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:667:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:669:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:1800:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:2173:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:2351:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:2609:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:2610:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:2611:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:3709:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:234:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:412:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:669:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:670:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:1809:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[DBUFFSIZE], *buffptr;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:239:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char onbit[8] = {128, 64, 32, 16, 8, 4, 2, 1};
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoll.c:506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdummy[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG], *carray, keyname[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cform[20], dispfmt[20], tmpstr[400], *flgarray, tmpnull[80];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:176:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%14.6E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:187:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpstr, "NULL");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:201:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpstr, "NULL");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:243:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%23.15E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:254:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpstr, "NULL");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:268:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmpstr, "NULL");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:451:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%#14.6G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:456:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%#23.15G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:461:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%#23.15G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:475:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%4d");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:477:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%4d");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:479:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%6d");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:481:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%11.0f");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:484:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%#14.6G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:486:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cform, "%#23.15G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:561:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG], keyname[FLEN_KEYWORD], dispfmt[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:608:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *width = atoi(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:658:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *width = atoi(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:703:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *width = atoi(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:739:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:741:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:668:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:669:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:670:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:1899:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:656:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:1821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:401:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:1821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:2194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:2372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:2630:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:2631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[81];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:2632:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:3749:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[81];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:3862:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(message, "Cannot read number from ASCII table");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ldummy, msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:401:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value if reading from ASCII table */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:1829:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cstring, message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char block[2881];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keybuf[FLEN_CARD], keyname[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:428:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:493:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD], cardname[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:708:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(name, "HIERARCH");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:765:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:766:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:802:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:823:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], value[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], nextcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:996:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], nextcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], strval[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], sbuff[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1453:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1532:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1533:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1613:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1614:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1694:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1695:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1775:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1776:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1856:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyroot[FLEN_KEYWORD], keyindex[8], card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1857:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svalue[FLEN_VALUE], comm[FLEN_COMMENT], *equalssign; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1932:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tdimstr[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1957:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tdimstr[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1985:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *loc, *lastloc, message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2075:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *loc, *lastloc, message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2381:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char xtension[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2522:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2523:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2645:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[FLEN_VALUE], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2773:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[FLEN_ERRMSG], keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2775:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEN_KEYWORD], value[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:2776:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], valuestring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char comm[FLEN_COMMENT], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], valuestring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3268:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[FLEN_COMMENT], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], valuestring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3320:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[FLEN_COMMENT], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char keybuf[162], keyname[FLEN_KEYWORD], *headptr; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3444:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(keybuf, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3476:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(headptr, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ttype[6]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[6]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ttypeBuff[102]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tformBuff[54]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:308:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[6]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *ttype[6]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:311:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char charNull[1] = {'\0'}; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ttypeBuff[102]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tformBuff[54]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:316:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:317:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:802:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:904:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1004:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1005:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char keyvalue[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1007:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location1[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location2[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *url[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberAccess1[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberAccess2[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberFileName[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1328:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberLocation[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1329:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grplc[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1331:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char memberHDUtype[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1332:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberExtname[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupAccess1[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1336:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupAccess2[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupFileName[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char groupLocation[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmprootname[FLEN_FILENAME], grootname[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmpPtr[1]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1345:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1397:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(memberHDUtype,"PRIMARY"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1796:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[FLEN_FILENAME]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1978:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1979:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2028:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char newKeyword[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2029:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2030:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2153:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2157:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation3[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmpPtr[1];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2731:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2732:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2733:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2734:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2735:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2812:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(extname,"PRIMARY");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2819:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(extname,"DEFAULT");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3005:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3006:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3007:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation3[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grplc[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3013:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3014:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3016:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mrootname[FLEN_FILENAME], grootname[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3394:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3875:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3876:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberHDUtype[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberExtname[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3878:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3879:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3898:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(memberHDUtype,"PRIMARY");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4092:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charBuff1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4093:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charBuff2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4094:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpLocation[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4095:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4097:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbrLocation3[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4098:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4099:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpLocation2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4103:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmpPtr[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4419:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4549:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4550:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyvalue[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4551:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4552:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4833:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4834:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4922:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4923:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5024:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5226:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buff,"./");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5251:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buff,"..");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5480:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outpath,":\\");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5524:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outpath,"::");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5535:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outpath,"-.");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5544:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outpath,"[.");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5571:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outpath,":[");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5646:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5703:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5704:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5705:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr1[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr2[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5707:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr3[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5708:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr4[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5800:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5839:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5840:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5849:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5850:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"http://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5859:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5860:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"ftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5869:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5870:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"stdin://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5889:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5890:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"file://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5899:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5900:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"http://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5909:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5910:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"http://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5919:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5920:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"ftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5929:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr3,"mem://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5930:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpStr4,"ftp://");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6330:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(relURL,"../");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6373:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr[FLEN_FILENAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6557:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned const char isAcceptable[96] =
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.h:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filename[MAX_HDU_TRACKER];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.h:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newFilename[MAX_HDU_TRACKER];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:92:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ngp_master_dir[NGP_MAX_FNAME]; /* directory of top level include file */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:518:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char *p, *p2, *cp, *envar, envfiles[NGP_MAX_ENVFILES];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:526:40: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (NULL == (ngp_fp[ngp_inclevel] = fopen(fname, "r")))
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:548:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ngp_fp[ngp_inclevel] = fopen(cp, "r");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:570:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ngp_fp[ngp_inclevel] = fopen(p, "r");/* try to open composite */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:777:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:951:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char incrementor_name[NGP_MAX_STRING], ngph_ctmp;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:994:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(incrementor_name, ngp_linkey.name, l - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1119:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grnm[NGP_MAX_STRING]; /* keyword holding group name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1120:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char incrementor_name[NGP_MAX_STRING];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1174:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(incrementor_name, ngp_linkey.name, l - 1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1212:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grnm[NGP_MAX_STRING], used_name[NGP_MAX_STRING];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1283:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy(ngp_master_dir, ngp_template, i);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.h:122:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NGP_MAX_NAME];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.h:124:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[NGP_MAX_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:34:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[4][FLEN_VALUE], /* column name for axis */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:38:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* keyword name for min */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:39:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char maxname[4][FLEN_VALUE], /* keyword name for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:40:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* keyword name for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ptr, tmpname[FLEN_VALUE], *file_expr = NULL; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:532:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[4][FLEN_VALUE], /* I - column names */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:536:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* I - optional keywords for min */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:537:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char maxname[4][FLEN_VALUE], /* I - optional keywords for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:538:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* I - optional keywords for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:540:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wtcol[FLEN_VALUE], /* I - optional keyword or col for weight*/ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:676:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[4][FLEN_VALUE], /* I - column names */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:680:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* I - optional keywords for min */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:681:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char maxname[4][FLEN_VALUE], /* I - optional keywords for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:682:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* I - optional keywords for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:684:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wtcol[FLEN_VALUE], /* I - optional keyword or col for weight*/ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:817:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[4][FLEN_VALUE], /* I - column names */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:821:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* I - optional keywords for min */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:822:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char maxname[4][FLEN_VALUE], /* I - optional keywords for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:823:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* I - optional keywords for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:825:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wtcol[FLEN_VALUE], /* I - optional keyword or col for weight*/ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:838:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[FLEN_ERRMSG], keyname[FLEN_KEYWORD], card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:848:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:850:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cpref[4][FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1002:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "column for histogram axis doesn't exist: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1014:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Can't bin a vector column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1026:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Inappropriate datatype; can't bin this column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1044:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Error calculating datamin and datamax for column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1071:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errmsg, "Error calculating datamin and datamax for column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1472:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[4][FLEN_VALUE], /* I - optional column names */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1476:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* I - optional keywords for min */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1477:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char maxname[4][FLEN_VALUE], /* I - optional keywords for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1478:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* I - optional keywords for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1512:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char colname[4][FLEN_VALUE], /* I - optional column names */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1516:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minname[4][FLEN_VALUE], /* I - optional keywords for min */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1517:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char maxname[4][FLEN_VALUE], /* I - optional keywords for max */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1518:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char binname[4][FLEN_VALUE], /* I - optional keywords for binsize */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1534:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cptr, cpref[4][FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1535:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[FLEN_ERRMSG], keyname[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1651:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "column for histogram axis doesn't exist: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1666:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Can't bin a vector column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1678:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Inappropriate datatype; can't bin this column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1713:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmsg, "Error calculating datamin and datamax for column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1753:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(errmsg, "Error calculating datamin and datamax for column: "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1883:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], svalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1980:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], svalue[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:20:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char results[999][30]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD], value[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:707:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
ivalue = (int) atol(value+1); /* allow for leading quote character */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:709:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = (int) atol(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:962:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], zcmptype[12]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:966:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tform[3]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:967:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf0[4], tf1[4], tf2[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:969:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1028:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(actual_tilesize, outfptr->Fptr->request_tilesize, MAX_COMPRESS_DIM * sizeof(long)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1146:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tf0, "1QB"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1148:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tf0, "1PB"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1150:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tf1, "1D"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1151:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tf2, "1D"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1172:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(zcmptype, "RICE_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1176:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "GZIP_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1180:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "GZIP_2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1184:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "BZIP2_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1188:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "PLIO_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1191:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tform[0], "1QI"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1193:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(tform[0], "1PI"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1198:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "HCOMPRESS_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1202:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "NOCOMPRESS"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1287:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zcmptype, "RICE_ONE"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1341:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of unsigned short"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1343:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1348:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of signed byte"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1350:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1355:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of unsigned long"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1357:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:1443:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:2157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char coltype[4]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:2167:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(coltype, "1PI"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:2169:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(coltype, "1PJ"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:2171:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(coltype, "1QE"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:4170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD]; /* a header record */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5499:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], card2[FLEN_CARD]; /* a header record */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5529:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(card, "EXTNAME = 'COMPRESSED_IMAGE'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5624:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD]; /* a header record */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5625:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *patterns[40][2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5822:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, ((infptr->Fptr)->tiledata)[tilecol], (infptr->Fptr)->tiledatasize[tilecol]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5825:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bnullarray, (infptr->Fptr)->tilenullarray[tilecol], tilelen);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:6761:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((infptr->Fptr)->tiledata[tilecol], buffer, tilesize);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:6767:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((infptr->Fptr)->tilenullarray[tilecol], bnullarray, tilelen);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:7089:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nullarray + imgpix, bnullarray + tilepix,
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:7101:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(image + imgpixbyte, tile + tilepixbyte, overlap_bytes);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:7329:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tile + tilepixbyte, image + imgpixbyte, overlap_bytes);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:7932:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cptr, keyname[9], tform[40], *cdescript;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:7933:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT], keyvalue[FLEN_VALUE], *cvlamem, tempstring[FLEN_VALUE], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8271:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cdescript, &cm_buffer[cm_colstart[ii]], datasize);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8445:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "RICE_1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8447:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "GZIP_2");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8449:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "GZIP_1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8510:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "RICE_1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8512:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "GZIP_2");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8514:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(keyvalue, "GZIP_1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8572:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colcode[999]; /* column data type code character */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8573:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coltype[999]; /* column data type numeric code value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8582:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cptr, keyname[9], tform[40];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8584:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ptr, comm[FLEN_COMMENT], zvalue[FLEN_VALUE], *uncompressed_vla = 0, *compressed_vla;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8585:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9049:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cptr, ptr, (size_t) rmajor_colwidth[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9058:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cptr, ptr, (size_t) rmajor_colwidth[ii]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9244:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 2));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9278:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 4));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9357:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 8));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9383:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 2));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9412:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 4));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9449:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap, ptr, (size_t) (length * 8));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9499:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(aliasarray[firstelem]), longlongarray, ntodo * 8);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9562:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(aliasarray[firstelem]), intarray, ntodo * 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9626:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(aliasarray[firstelem]), intarray, ntodo * 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9690:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(aliasarray[firstelem]), intarray, ntodo * 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:9760:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(aliasarray[firstelem]), intarray, ntodo * 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:188:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pixfilename[SZ_IM2PIXFILE+1];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:279:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen (filename, "rb");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:353:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pixname[SZ_IM2PIXFILE+1];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:354:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:365:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen (bang + 1, "rb");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:367:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen (pixname, "rb");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:566:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fhead, *fhead1, *fp, endline[81];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:568:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fitsline[81];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:573:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1256:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[8];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1324:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[30];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1404:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cval[80];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1406:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cwhite[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1407:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char squot[2], dquot[2], lbracket[2], rbracket[2], slash[2], comma[2];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1408:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[81]; /* large for ESO hierarchical keywords */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1409:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1521:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ipar = atoi (brack1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1813:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[30];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1836:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[8];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1864:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[70];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1898:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1899:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newcom[50];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1900:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char blank[80];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2039:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char junk[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:420:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tcard[FLEN_CARD], valstring[FLEN_CARD], comm[FLEN_CARD], value[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:421:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nextcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:472:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:473:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:493:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:494:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:495:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:521:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:522:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:523:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:524:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:539:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(newcomm, "] ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:581:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:582:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:583:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:613:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldval[FLEN_VALUE], valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:614:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:615:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], nextcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:682:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:683:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], tmpkeyname[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:684:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:685:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tstring[FLEN_VALUE], *cptr;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:807:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:808:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:809:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:835:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:836:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldcomm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:837:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:864:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:865:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:866:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:893:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:894:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:924:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:951:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:952:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:980:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:981:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:982:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:998:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1025:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1026:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1027:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1043:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1070:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1071:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1072:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1088:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1133:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char card[FLEN_CARD], tmpkeyname[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstring[FLEN_VALUE], *cptr; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1325:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1344:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1384:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1405:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1424:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1425:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1438:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1475:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1498:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1499:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1513:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1536:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1537:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1550:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(valstring, ", "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1590:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inbuff, *outbuff, *tmpbuff, buff1[FLEN_CARD], buff2[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1673:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char valstring[FLEN_VALUE], comm[FLEN_COMMENT], value[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1674:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG], nextcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE], comm[FLEN_COMMENT], value[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD], message[FLEN_ERRMSG], nextcomm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1790:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inbuff, *outbuff, *tmpbuff, buff1[81], buff2[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1819:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buff2, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1820:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buff2, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG], keyname[FLEN_KEYWORD], nullstr[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1187:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cols[jj].colname, "IMAGE"); /* dummy name for images */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1798:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dataptr = (char *) cols[jj].array + col[jj].nullsize; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1837:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(*stringptr, col[jj].null.stringnull, col[jj].nullsize); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1841:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cols[jj].array, defaultnull, col[jj].nullsize); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1889:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dataptr = (char *) cols[jj].array + col[jj].nullsize; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1890:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. nullptr = (char *) cols[jj].array; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[20], cform[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snull[20]; /* the FITS null value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolb.c:752:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, input, ntodo); /* just copy input to output */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[20], cform[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snull[20]; /* the FITS null value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcold.c:1027:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(output, input, ntodo * sizeof(double) ); /* copy input to output */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[20], cform[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snull[20]; /* the FITS null value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcole.c:1015:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, input, ntodo * sizeof(float) ); /* copy input to output */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[20], cform[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snull[20]; /* the FITS null value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoli.c:765:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, input, ntodo * sizeof(short) ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[20], cform[20]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:1363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:1364:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolj.c:1366:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolk.c:840:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, input, ntodo * sizeof(int) );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], ctrue = 'T', cfalse = 'F';
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:224:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[12], snull[12];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:226:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char onbit[8] = {128, 64, 32, 16, 8, 4, 2, 1};
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoll.c:227:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char offbit[8] = {127, 191, 223, 239, 247, 251, 253, 254};
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], *blanks;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolsb.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:107:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], *cstring = 0;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:108:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:109:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:358:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], *cstring = 0;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:359:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolui.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluj.c:1341:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:362:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tform[20], cform[20];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcoluk.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snull[20]; /* the FITS null value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:131:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], template[161];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:132:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[FLEN_KEYWORD], newname[FLEN_KEYWORD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:139:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  diskfile = fopen(filename,"r");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:199:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:288:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tcard[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:352:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:353:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:376:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:377:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:405:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:406:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD], tmpkeyname[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:407:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tstring[FLEN_CARD], *cptr;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:543:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], comm[FLEN_COMMENT];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:583:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:584:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:606:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:607:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:629:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:630:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:653:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:654:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:677:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:678:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:700:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:701:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:723:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:724:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:747:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:748:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:761:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(valstring, ", ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:788:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:789:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:802:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(valstring, ", ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:829:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:830:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:843:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(valstring, ", ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:870:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE], tmpstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:871:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:884:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(valstring, ", ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:912:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valstring[FLEN_VALUE];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:913:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:914:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fstring[20], *cptr;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:951:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:962:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(card, "COMMENT ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:980:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:991:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(card, "HISTORY ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1008:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[30], tmzone[10], card[FLEN_CARD];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1016:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmzone, " Local");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1018:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmzone, " UT");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1020:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(card, "DATE = '");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1022:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(card, "' / file creation date (YYYY-MM-DDThh:mm:ss");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1040:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[FLEN_ERRMSG];
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1153:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(datestr, "%.2d/%.2d/%.2d", day, month, year - 1900);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1156:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(datestr, "%.4d-%.2d-%.2d", year, month, day);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1197:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lyear = atoi(&datestr[6]) + 1900;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1198:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lmonth = atoi(&datestr[3]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1199:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lday = atoi(datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1230:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
lyear = atoi(datestr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1231:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lmonth = atoi(&datestr[5]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1232:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lday = atoi(&datestr[8]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1332:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(datestr, "%.4d-%.2d-%.2d", year, month, day); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1337:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(datestr, "%.2d:%.2d:%0*.*f", data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1343:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(datestr, "%.4d-%.2d-%.2dT%.2d:%.2d:%0*.*f", data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1419:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *hour = atoi(&datestr[11]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1422:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *minute = atoi(&datestr[14]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1446:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *hour = atoi(&datestr[0]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1449:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*minute = atoi(&datestr[3]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1668:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1726:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1844:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1962:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tcomment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2017:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tdimstr[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2018:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char value[80], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2102:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "size of the multidimensional array"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD], tdimstr[FLEN_VALUE], comm[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[80], message[81]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2205:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "size of the multidimensional array"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[FLEN_KEYWORD], comm[FLEN_COMMENT], message[FLEN_ERRMSG]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2316:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "file does conform to FITS standard"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2318:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "file does not conform to FITS standard"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2324:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "IMAGE extension"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2350:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "number of bits per data pixel"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2362:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "number of data axes"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2365:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "length of data axis "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2386:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "FITS dataset may contain extensions"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2405:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "random group records are present"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2408:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "number of random group parameters"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2411:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(comm, "number of random groups"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2441:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "required keyword; must = 0"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2444:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "required keyword; must = 1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2452:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of unsigned short"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2454:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2459:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of unsigned long"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2461:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2466:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(card,"BZERO = 9223372036854775808 / offset data range to that of unsigned long long"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2468:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2473:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset data range to that of signed byte"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2475:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "default scaling factor"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2497:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tfmt[30], name[FLEN_KEYWORD], comm[FLEN_COMMENT], extnm[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2615:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tfmt[30], name[FLEN_KEYWORD], comm[FLEN_COMMENT], extnm[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2616:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cptr, card[FLEN_CARD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2696:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "data format of field"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2702:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": ASCII Character"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2718:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "ERROR?? 
USING ASCII TABLE SYNTAX BY MISTAKE??"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2720:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "rAw FORMAT ERROR! UNIT WIDTH w > COLUMN WIDTH r"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2724:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": BIT"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2726:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": BYTE"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2728:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 1-byte LOGICAL"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2730:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 2-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2732:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 2-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2734:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 4-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2736:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 8-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2738:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 4-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2740:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 8-byte INTEGER"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2742:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(comm, ": 4-byte REAL"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2744:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": 8-byte DOUBLE"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2746:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": COMPLEX"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2748:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": DOUBLE COMPLEX"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2750:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm, ": variable length array"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2764:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset for signed bytes"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2769:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "data are not scaled"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2784:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset for unsigned integers"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2789:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "data are not scaled"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2804:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "offset for unsigned integers"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2809:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "data are not scaled"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2824:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(card, " "); /* make sure name is >= 8 chars long */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2826:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(card, "= 9223372036854775808 / offset for unsigned integers"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2830:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "data are not scaled"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2874:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEN_ERRMSG],comm[81], name[20], xtension[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2900:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comm, "length of data axis "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2940:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(cval, "%I64d", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2943:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. if (sprintf(cval, "%lld", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2945:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(cval, "%ld", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2968:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(cval, "%I64u", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2971:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(cval, "%llu", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2973:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(cval, "%lu", ival) < 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3021:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(outstr, "''"); /* a null FITS string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:90:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if( (rgnFile = fopen( filename, "r" ))==NULL ) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:1414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[FLEN_COMMENT]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:1415:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[6][FLEN_VALUE] = {"X", "Y", "SHAPE", "R", "ROTANG", "COMPONENT"}; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:1416:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shapename[17][FLEN_VALUE] = {"POINT","CIRCLE","ELLIPSE","ANNULUS", data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.h:15:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[6]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ctype[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:433:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctype[FLEN_VALUE], keyname[FLEN_VALUE], alt[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:458:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CRVAL1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:464:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CRVAL2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:470:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CRPIX1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:476:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CRPIX2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:483:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(keyname, "CDELT1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:489:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CD1_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:496:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CD2_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:503:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CD1_2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:510:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CD2_2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:566:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CDELT2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:572:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(keyname, "CROTA2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:580:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CDELT2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:586:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CROTA2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:594:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "PC1_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:601:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "PC2_1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:608:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "PC1_2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:615:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(keyname, "PC2_2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:657:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "CTYPE1"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:772:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[FLEN_KEYWORD]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:773:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstring[FLEN_VALUE]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comm[2]; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:846:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cptr, "NAXIS = 2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:855:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname, "NAXIS2"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1039:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cptr, "END"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/crc32.c:161:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("crc32.h", "w"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.c:607:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hbuf[4]; /* buffer for gzip header crc calculation */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/inflate.c:1350:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; /* to restore bit buffer to byte string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/trees.c:333:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *header = fopen("trees.h", "w"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ifname[128]; /* input file name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[2]; /* magic header */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:503:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuf+outpos, stackp, i); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:514:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuf+outpos, stackp, i); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:594:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) *memptr + bytes_out, (char *) buf, cnt); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.c:12:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char * const z_errmsg[10] = { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:99:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:173:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define F_OPEN(name, mode) fopen((name), (mode)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zutil.h:232:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define zmemcpy memcpy data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcompress.c:46:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
case 'i': indent = atoi(argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votconcat.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *infile[MAX_FILES]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votconcat.c:52:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'i': indent = atoi (argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcopy.c:93:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'i': indent = atoi (argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[SZ_URL]; /* access URL */ data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fname[SZ_URL]; /* local filename */ data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:173:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'A': acol = atoi(argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:177:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'F': tcol = atoi(argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:178:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'N': nthreads = atoi(argv[++i]); break; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:202:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (afname && (afd = fopen (afname, "w+")) == (FILE *) NULL) { data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:384:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open (infile, O_RDONLY)) < 0) data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:519:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SZ_READ]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:529:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). } else if ((fd = fopen (infile, "r"))) { data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:630:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockfile[SZ_FNAME], dot[SZ_FNAME], errBuf[CURL_ERROR_SIZE]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:672:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = fopen (fname, "wb")) == NULL) { /* open the output file */ data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:705:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen (dot, "w")) == NULL) { /* open cache file */ data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:720:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dfd = open (fname, O_RDONLY)) > 0) { data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:721:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024], new[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votpos.c:59:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen (oname, "w+")) == (FILE *) NULL) data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *ttype[MAX_FIELDS], *tform[MAX_FIELDS], *tunit[MAX_FIELDS], *ch; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:165:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tform[i], "%dA", data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:166:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (asize[0] == '*' ? widths[i] : atoi (asize))); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:172:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tform[i], "%dE", spaces[i]+1); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:178:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tform[i], "%dD", spaces[i]+1); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:184:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tform[i], "%dJ", spaces[i]+1); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *id, *nam, *val, *unit, keyw[SZ_FNAME], comment[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:254:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "%3.3sID%d", meta, index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:263:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "%3.3sNAM%d", meta, index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:273:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "%3.3sVAL%d", meta, index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:283:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "%3.3sUNI%d", meta, index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ucd, *utype, *id, keyw[SZ_FNAME]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:303:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "TUCD%d", index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:310:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "TUTYPE%d", index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:318:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyw, "TID%d", index); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **ccol, *tform, cell[1024], *tok, *sep = " ", *brkt = NULL; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:340:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = atoi (tform); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:348:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ccol[i] = (char *) data[i * ncols + j]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:421:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
((long *) icol)[i] = (long) atoi (data[i * ncols + j]); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:435:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *ip++ = (long) atoi (tok); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ucd[1000]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colname[50]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:228:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "row: %i, col: %i", i, j); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:246:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(colname, "col%d", i); data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zztest.c:258:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vot_setValue(td, (char *) data_m[(i * ncols) + j]); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:160:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (out, "=\""); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votElement.c:278:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char req_attr[MAX_ATTR], *tok = req_attr, *name; data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_str[SZ_ATTRNAME], value[SZ_ATTRNAME], tempstr[SZ_ATTRNAME]; data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:78:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
vot_attrSet (me->attr, (char *)atts[att], (char *)atts[att+1]); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:78:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vot_attrSet (me->attr, (char *)atts[att], (char *)atts[att+1]); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:82:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tempstr, "NCOLS"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:83:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value, "%i", cols); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:86:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (tempstr, "NROWS"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:87:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value, "%i", rows); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char name_str[SZ_ATTRNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[SZ_ATTRNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:118:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempstr[SZ_ATTRNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:136:25: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempstr, "NCOLS");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:137:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols = (atoi (vot_attrGet (parent->attr, tempstr)) + 1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:138:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (value, "%i", cols);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:145:25: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (tempstr, "NROWS");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:146:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi (vot_attrGet (parent->parent->parent->attr,
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:148:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (value, "%i", rows);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:215:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE], *ip, urlFname[BUFSIZE];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:258:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (urlFname, "/tmp/votXXXXXX");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:259:13: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  if ((tfd = mkstemp (urlFname) < 0))
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:260:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (urlFname, "/tmp/votquery");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:264:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !(fd = fopen (urlFname, "r")) ) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:278:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fd = fopen (&arg[7], "r"))) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:287:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fd = fopen (arg, "r"))) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:1905:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ((atoi(vot_attrGet (tdata->parent->parent->attr, "NCOLS"))));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:1926:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ( (atoi(vot_attrGet (tdata->parent->parent->attr, "NROWS"))) );
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname[SZ_FNAME], *ctest, *atest;
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2568:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen (fname, "w+")) == (FILE *) NULL) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2608:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen (ofname, "w+")) == (FILE *) NULL) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2680:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen (ofname, "w+")) == (FILE *) NULL) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2703:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lockfile[SZ_FNAME], errBuf[CURL_ERROR_SIZE], fname[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2714:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen (ofname, "wb")) == NULL) { /* open the output file */
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2781:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ttype[MAX_FIELDS], *tform[MAX_FIELDS], *tunit[MAX_FIELDS], *ch;
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2782:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extname[SZ_LINE], col[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2863:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (col, "col%d", i + 1); /* one-indexed */
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2877:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dA",
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2878:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (asize[0] == '*' ? widths[i] : atoi (asize)));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2884:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dE", spaces[i]+1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2890:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dD", spaces[i]+1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2897:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dI", spaces[i]+1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2903:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dJ", spaces[i]+1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2909:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (tform[i], "%dJ", spaces[i]+1);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2929:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (extname, "ext%d", resnum);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2989:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *id, *nam, *val, *unit, keyw[SZ_FNAME], comment[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2996:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "%3.3sNAM%d", meta, index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3006:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "%3.3sVAL%d", meta, index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3016:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "%3.3sID%d", meta, index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3026:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "%3.3sUNI%d", meta, index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3040:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ucd, *utype, *id, keyw[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3046:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "TID%d", index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3054:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "TUCD%d", index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3062:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (keyw, "TUTYPE%d", index);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3077:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **ccol, *d, *tform, cell[1024], *tok, *sep = " ", *brkt = NULL;
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3088:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi (tform);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3176:44: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ((short *) scol)[i] = (short) atoi (data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3189:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *sp++ = (short) atoi (tok);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3206:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ((long *) icol)[i] = (long) atoi (data[i * ncols + j]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3219:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ip++ = (long) atoi (tok);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3262:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[SZ_FNAME], cmd[SZ_FNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3267:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (tmp, "/tmp/vo%d", (int)getpid());
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3503:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen (fname, "w+");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3987:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols = atoi (vot_attrGet (tdata->parent->parent->attr, "NCOLS"));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3988:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi (vot_attrGet (tdata->parent->parent->attr, "NROWS"));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParseP.h:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[SZ_ATTRNAME];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParseP.h:62:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[SZ_ATTRVAL];
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1143:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ( atoi (vot_getTableCell (*tdata, (*row - 1), (*col - 1))) );
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1391:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ( atoi (vot_getValue (*elem)) );
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.c:1148:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ( atoi (vot_getTableCell (*tdata, *row, *col)) );
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_spp.c:1493:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ( atoi (vot_getValue (*elem)) );
data/iraf-2.16.1+2018.11.01/lib/finfo.h:22:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FI_ROWNER 1 # read perm for owner
data/iraf-2.16.1+2018.11.01/lib/finfo.h:24:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FI_RGROUP 3 # read perm for group
data/iraf-2.16.1+2018.11.01/lib/finfo.h:26:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FI_RWORLD 5 # read perm for world
data/iraf-2.16.1+2018.11.01/lib/finfo.h:28:34: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FI_RDLOCK 13 # temporary read lock in place
data/iraf-2.16.1+2018.11.01/lib/fio.h:40:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FNBYTES Memi[$1+15] # nbytes last rec read
data/iraf-2.16.1+2018.11.01/lib/fio.h:69:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define FF_READ 2B # read perm on file
data/iraf-2.16.1+2018.11.01/lib/fset.h:19:50: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define F_DEVICE 13 #* entry point address device read/get routine
data/iraf-2.16.1+2018.11.01/lib/fset.h:40:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define F_READ 34 #r does file have read access [y/n]
data/iraf-2.16.1+2018.11.01/lib/fset.h:43:55: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define F_SZBBLK 37 #r size in bytes of last dev block read|written
data/iraf-2.16.1+2018.11.01/lib/fset.h:53:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define F_FFIOREAD 1 # read in progress
data/iraf-2.16.1+2018.11.01/lib/gescape.h:57:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define GIM_READPIXELS 16 # read from a raster
data/iraf-2.16.1+2018.11.01/lib/gescape.h:97:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define GIM_READCMAP 20 # read from a colormap
data/iraf-2.16.1+2018.11.01/lib/gescape.h:125:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define GIM_READIOMAP 24 # read from the iomap
data/iraf-2.16.1+2018.11.01/lib/math/curfit.h:17:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define WTS_UNIFORM 2 # equal weights
data/iraf-2.16.1+2018.11.01/lib/math/gsurfit.h:22:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define WTS_UNIFORM 2 # equal weights
data/iraf-2.16.1+2018.11.01/lib/math/surfit.h:16:23: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define SF_UNIFORM 2 # equal weights, weight 1.0
data/iraf-2.16.1+2018.11.01/lib/pkg/mef.h:20:53: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define MEF_CGROUP Memi[$1+6] # Current group read
data/iraf-2.16.1+2018.11.01/lib/tbset.h:2:59: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # and defines parameters that can be set by tbpset and/or read by tbpsta.
data/iraf-2.16.1+2018.11.01/lib/tbset.h:31:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # This section defines parameters that can be set or read.
data/iraf-2.16.1+2018.11.01/lib/tbset.h:38:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # These can be set by tbpset and/or read by tbpsta:
data/iraf-2.16.1+2018.11.01/lib/tbset.h:48:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # The table subtype can be read by tbpsta. The subtype can be set for
data/iraf-2.16.1+2018.11.01/lib/tbset.h:69:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # These can be read by tbpsta but may not be set:
data/iraf-2.16.1+2018.11.01/lib/ttyset.h:1:62: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # TTYSET.H -- TTY parameters that can be set with TTYSETI or read with TTYSTATI.
data/iraf-2.16.1+2018.11.01/math/gsurfit/gsurfit.h:22:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define WTS_UNIFORM 2 # equal weights
data/iraf-2.16.1+2018.11.01/noao/digiphot/daophot/lib/daophotdef.h:191:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define DP_RNOISESQ Memr[P2R($1+58)] # read noise squared (ADU)
data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/cyber.h:153:68: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define SZ_TAPE_BUFFER (SZ_TAPE_BLK + 60) # Size of tape buffer for read
data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/cyber.h:161:56: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define LEN_CYBER_READ (4 * 65) # Number of Cyber words read at once
data/iraf-2.16.1+2018.11.01/noao/mtlocal/cyber/rrcopy/rrcopy.h:12:64: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define SZ_BUFFER (SZ_TAPE_BLK + 100) # Size of tape buffer for read
data/iraf-2.16.1+2018.11.01/noao/mtlocal/idsmtn/idsmtn.h:4:57: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define DUMMY 3 # Value returned if DUMMY IDS record is read
data/iraf-2.16.1+2018.11.01/noao/obsutil/src/sptime/sptime.h:107:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define ST_RDNOISE Memr[P2R($1+25)] # Detector read noise
data/iraf-2.16.1+2018.11.01/noao/onedspec/irsiids/idsmtn.h:4:57: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define DUMMY 3 # Value returned if DUMMY IDS record is read
data/iraf-2.16.1+2018.11.01/noao/onedspec/scombine/icombine.h:59:35: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define TOL 0.001 # Tolerance for equal residuals
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:202:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (res, o1sp, cp - o1sp);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:204:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (format, "%%0%dd", strlen (cp));
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:303:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:383:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:641:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result.o_val.v_i = strlen (o1.o_val.v_s) ||
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:642:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:649:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result.o_val.v_i = strlen (o1.o_val.v_s) &&
data/iraf-2.16.1+2018.11.01/pkg/cl/binop.c:650:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (o2.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:113:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (bkgmsg, bcs, SZ_BKGMSG);
data/iraf-2.16.1+2018.11.01/pkg/cl/bkg.c:161:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (bk->b_cmd, cmd, SZ_CMD);
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:206:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (pfilename, ".");
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1635:20: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = fgetc(fp)) != EOF)
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:1932:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (os_filelist, " ");
data/iraf-2.16.1+2018.11.01/pkg/cl/builtin.c:2005:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (allocdev[n].devname, device, SZ_DEVNAME); data/iraf-2.16.1+2018.11.01/pkg/cl/clprintf.c:176:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen (list[i-1])) > maxlen) data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:55:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = fgetc (fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/cl/clsystem.c:63:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = fgetc (fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:231:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = memneed (btoi (strlen (s) + 1)); data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:243:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int eslen = strlen (es) + 1; data/iraf-2.16.1+2018.11.01/pkg/cl/compile.c:245:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memneed (btoi (eslen + strlen (ns)) - btoi (eslen)); data/iraf-2.16.1+2018.11.01/pkg/cl/debug.c:414:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_prefix = strlen (prefix); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:308:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (s, ar.a_s[i], slen-1); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:370:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_val.v_s, s, SZ_FNAME-1); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:407:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s) + 1; /* allow for eos */ data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:532:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_min.v_s, o->o_val.v_s, PF_SZMINSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:588:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_max.v_s, o->o_val.v_s, PF_SZMAXSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:717:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(op->o_val.v_s) + 1; data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:801:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (key); data/iraf-2.16.1+2018.11.01/pkg/cl/decl.c:873:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = btoi (strlen(o->o_val.v_s) + 1); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:76:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (command[i].cmd == REPAINT && strlen(command[i].escape)==1) data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:204:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (command[num].escape, label, SZ_ESCAPE); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:205:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (command[num].keystroke, name, SZ_KEYSTROKE); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:214:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (command[num].escape, ""); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:215:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (command[num].keystroke, " "); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:217:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (command[EDITOR_ID].keystroke, editor, SZ_KEYSTROKE); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:301:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (nchars == strlen (command[k].escape)) data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:304:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
*(++cmd) = fgetc(stdin); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:373:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (strp[0]); data/iraf-2.16.1+2018.11.01/pkg/cl/edcap.c:391:2: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc (stdin); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:497:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col = (maxcol - strlen(logo)) / 2; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:502:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col = (maxcol - strlen(title)) / 2; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:582:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars = strlen (valuebuf); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:588:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (valuebuf, ")"); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:670:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (colbuf, "."); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:850:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (message); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1034:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numchar = strlen(new_cmd) - 1; data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1070:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ochars = strlen (string); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1168:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numchar = strlen (string); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1182:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc (stdin); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1437:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (oldword, cp, numdel); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1454:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (cp, oldword, oldnum); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1488:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
numchar = strlen (string); data/iraf-2.16.1+2018.11.01/pkg/cl/eparam.c:1613:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (op=buf; (ch = fgetc (stdin)) != EOF; ) { data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:651:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxch -= (strlen(buf) + 2); data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:722:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (bin_root); data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:839:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (nchars=strlen(tn), m_pp=NULL; pfp; pfp = pfp->pf_npset) { data/iraf-2.16.1+2018.11.01/pkg/cl/exec.c:842:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pp->p_name) == nchars) data/iraf-2.16.1+2018.11.01/pkg/cl/gquery.c:176:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (message, ")"); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:311:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars = strlen (buf); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:345:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (buf, ","); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:347:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (buf) > SZ_LINE-14) data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:350:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (buf, "]"); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:352:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars += strlen (buf); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:363:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars += strlen (buf); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:576:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (buffer, full, SZ_LINE); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:691:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s); data/iraf-2.16.1+2018.11.01/pkg/cl/gram.c:817:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (sbuf, &o.o_val.v_s[subi[0]-1], n); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:328:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (new_cmd) > (cmdblk + SZ_CMDBLK - op_cmdblk)) { data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:414:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). execute = (strncmp (ip, NO_EXECUTE, strlen(NO_EXECUTE)) != 0); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:416:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip += strlen (NO_EXECUTE); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:421:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen (new_command_block); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:466:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = strlen (NO_EXECUTE); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:484:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = strlen (pattern); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:503:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (new_command_block) == 0) data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:549:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = strlen (pattern); data/iraf-2.16.1+2018.11.01/pkg/cl/history.c:757:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ip = command + strlen(command) - 1; ip >= command; --ip) data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:348:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_status = (char *) ((XINT)strlen(buf)); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:354:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_status = (char *) ((XINT)strlen(buf)); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:363:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_status = (char *) ((XINT)strlen(buf)); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:372:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_status = (char *) ((XINT) strlen(buf)); data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:846:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((ch = fgetc(fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/cl/modes.c:975:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (val); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:72:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:132:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s2 = memneed (btoi (strlen (o2.o_val.v_s) + 1)); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:379:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (s1, o2.o_val.v_s, 1024); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:463:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:523:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/opcodes.c:750:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (o.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/cl/operand.c:66:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (outstr, "."); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:86:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (pname); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:259:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (*p_s, o.o_val.v_s, len-1); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:265:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_val.v_s, o.o_val.v_s, len-1); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:292:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_min.v_s, o.o_val.v_s, PF_SZMINSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:326:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_max.v_s, o.o_val.v_s, PF_SZMAXSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:352:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (pp->p_prompt); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:353:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_prompt, o.o_val.v_s, len - 1); data/iraf-2.16.1+2018.11.01/pkg/cl/param.c:607:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (redir, &result.o_val.v_s[1], SZ_FNAME-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:403:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (n_pp->p_val.v_s, o_pp->p_val.v_s, n_pp->p_lenval-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:769:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (buf, "$"); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:921:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (*q++, *p++, len-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:930:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newpp->p_val.v_s, pp->p_val.v_s, pp->p_lenval-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:938:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newpp->p_min.v_s, pp->p_min.v_s, PF_SZMINSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:946:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newpp->p_max.v_s, pp->p_max.v_s, PF_SZMAXSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1082:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pt->p_val.v_s, pf->p_val.v_s, pf->p_lenval-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1092:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (pt->p_min.v_s, pf->p_min.v_s, PF_SZMINSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1102:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pt->p_max.v_s, pf->p_max.v_s, PF_SZMAXSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1240:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_val.v_s, s, SZ_FNAME-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1300:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). initlen = strlen (initbuf); /* includes \n, if present */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1308:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fp)) != '\n' && c != EOF) data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1345:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s) + 1; /* allow for eos */ data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1458:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_min.v_s, s, PF_SZMINSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1490:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_max.v_s, s, PF_SZMAXSTR-1); data/iraf-2.16.1+2018.11.01/pkg/cl/pfiles.c:1586:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (dest, s, len-1); data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:111:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (buf, o.o_val.v_s, SZ_LINE); data/iraf-2.16.1+2018.11.01/pkg/cl/scan.c:256:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (buf, o.o_val.v_s, SZ_LINE); data/iraf-2.16.1+2018.11.01/pkg/cl/stack.c:124:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = btoi (strlen (op->o_val.v_s) + 1); data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:177:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen (ltname); data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:250:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (name); data/iraf-2.16.1+2018.11.01/pkg/cl/task.c:308:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (name); data/iraf-2.16.1+2018.11.01/pkg/cl/unop.c:231:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iresult = strlen (sval); data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:1521:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
# define yystrlen strlen data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:3368:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (pname, "."); data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:4109:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (curr_param, stkop((yyvsp[(1) - (1)]))->o_val.v_s, data/iraf-2.16.1+2018.11.01/pkg/cl/ytab.c:4140:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (curr_param, stkop((yyvsp[(1) - (1)]))->o_val.v_s, SZ_FNAME); data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h:46:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). define EXT_PRIMARY 1 # recognized and read data/iraf-2.16.1+2018.11.01/pkg/dataio/fits/rfits.h:47:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). define EXT_IMAGE 2 # recognized and read data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:245:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (res, o1sp, cp - o1sp); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:247:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (format, "%%0%dd", strlen (cp)); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:345:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:426:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:462:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:803:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result.o_val.v_i = strlen (o1.o_val.v_s) || data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:804:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:811:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result.o_val.v_i = strlen (o1.o_val.v_s) && data/iraf-2.16.1+2018.11.01/pkg/ecl/binop.c:812:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (o2.o_val.v_s); data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:114:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (bkgmsg, bcs, SZ_BKGMSG); data/iraf-2.16.1+2018.11.01/pkg/ecl/bkg.c:163:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (bk->b_cmd, cmd, SZ_CMD); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:212:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (pfilename, "."); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:1741:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = fgetc(fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2037:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (os_filelist, " "); data/iraf-2.16.1+2018.11.01/pkg/ecl/builtin.c:2110:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (allocdev[n].devname, device, SZ_DEVNAME); data/iraf-2.16.1+2018.11.01/pkg/ecl/clprintf.c:176:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen (list[i-1])) > maxlen) data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:54:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = fgetc (fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/ecl/clsystem.c:62:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((ch = fgetc (fp)) != EOF) data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:237:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = memneed (btoi (strlen (s) + 1)); data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:249:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int eslen = strlen (es) + 1; data/iraf-2.16.1+2018.11.01/pkg/ecl/compile.c:251:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memneed (btoi (eslen + strlen (ns)) - btoi (eslen)); data/iraf-2.16.1+2018.11.01/pkg/ecl/debug.c:434:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_prefix = strlen (prefix); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:308:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (s, ar.a_s[i], slen-1); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:370:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (pp->p_val.v_s, s, SZ_FNAME-1); data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:407:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s) + 1; /* allow for eos */ data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:532:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy (pp->p_min.v_s, o->o_val.v_s, PF_SZMINSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:588:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_max.v_s, o->o_val.v_s, PF_SZMAXSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:717:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(op->o_val.v_s) + 1;
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:809:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (key);
data/iraf-2.16.1+2018.11.01/pkg/ecl/decl.c:881:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = btoi (strlen(o->o_val.v_s) + 1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:76:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (command[i].cmd == REPAINT && strlen(command[i].escape)==1)
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:204:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (command[num].escape, label, SZ_ESCAPE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:205:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (command[num].keystroke, name, SZ_KEYSTROKE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:214:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (command[num].escape, "");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:215:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (command[num].keystroke, " ");
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:217:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (command[EDITOR_ID].keystroke, editor, SZ_KEYSTROKE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:301:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (nchars == strlen (command[k].escape))
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:304:14: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *(++cmd) = fgetc(stdin);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:371:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen (strp[0]);
data/iraf-2.16.1+2018.11.01/pkg/ecl/edcap.c:389:2: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fgetc (stdin);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:509:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col = (maxcol - strlen(logo)) / 2;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:514:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col = (maxcol - strlen(title)) / 2;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:594:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars = strlen (valuebuf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:600:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (valuebuf, ")");
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:682:8: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (colbuf, ".");
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:862:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (message);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1046:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchar = strlen(new_cmd) - 1;
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1082:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ochars = strlen (string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1180:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchar = strlen (string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1194:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc (stdin);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1449:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (oldword, cp, numdel);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1466:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (cp, oldword, oldnum);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1500:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchar = strlen (string);
data/iraf-2.16.1+2018.11.01/pkg/ecl/eparam.c:1625:22: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (op=buf; (ch = fgetc (stdin)) != EOF; ) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:696:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxch -= (strlen(buf) + 2);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:767:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (bin_root);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:882:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (nchars=strlen(tn), m_pp=NULL; pfp; pfp = pfp->pf_npset)
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:885:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (pp->p_name) == nchars)
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1230:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (errcom.errmsg, "");
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1332:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1344:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/exec.c:1350:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (&buf[i]) > 68)
data/iraf-2.16.1+2018.11.01/pkg/ecl/gquery.c:171:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (message, ")");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:403:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars = strlen (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:437:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (buf, ",");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:439:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (buf) > SZ_LINE-14)
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:442:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (buf, "]");
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:444:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars += strlen (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:455:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchars += strlen (buf);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:651:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buffer, full, SZ_LINE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:762:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:898:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (sbuf, &o.o_val.v_s[subi[0]-1], n);
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:932:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o2 = strlen (istr.o_val.v_s) - 1;
data/iraf-2.16.1+2018.11.01/pkg/ecl/gram.c:941:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (sbuf, &istr.o_val.v_s[o1], o2-o1+1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:269:11: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (raw_cmd, "\n");
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:354:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (new_cmd) > (cmdblk + SZ_CMDBLK - op_cmdblk)) {
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:371:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (cmdblk);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:375:10: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buf, cmdblk, len-1); /* trounce the NL we do have */
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:458:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  execute = (strncmp (ip, NO_EXECUTE, strlen(NO_EXECUTE)) != 0);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:460:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ip += strlen (NO_EXECUTE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:465:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  op += strlen (new_command_block);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:507:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  patlen = strlen (NO_EXECUTE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:525:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  patlen = strlen (pattern);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:544:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (new_command_block) == 0)
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:590:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  patlen = strlen (pattern);
data/iraf-2.16.1+2018.11.01/pkg/ecl/history.c:796:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (ip = command + strlen(command) - 1; ip >= command; --ip)
data/iraf-2.16.1+2018.11.01/pkg/ecl/main.c:419:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy (epar_cmdbuf, "");
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:344:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  query_status = (char *) ((XINT) strlen(buf));
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:350:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  query_status = (char *) ((XINT) strlen(buf));
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:359:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  query_status = (char *) ((XINT) strlen(buf));
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:368:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  query_status = (char *) ((XINT) strlen(buf));
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:831:15: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = fgetc(fp)) != EOF)
data/iraf-2.16.1+2018.11.01/pkg/ecl/modes.c:952:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (val);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:71:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_len = strlen (o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:129:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s2 = memneed (btoi (strlen (o2.o_val.v_s) + 1));
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:366:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (s1, o2.o_val.v_s, 1024);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:446:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_len = strlen (o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:504:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_len = strlen (o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/opcodes.c:719:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_len = strlen (o.o_val.v_s);
data/iraf-2.16.1+2018.11.01/pkg/ecl/operand.c:63:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (outstr, ".");
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:82:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (pname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:252:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (*p_s, o.o_val.v_s, len-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:258:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_val.v_s, o.o_val.v_s, len-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:285:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_min.v_s, o.o_val.v_s, PF_SZMINSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:319:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_max.v_s, o.o_val.v_s, PF_SZMAXSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:345:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pp->p_prompt);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:346:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_prompt, o.o_val.v_s, len - 1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/param.c:595:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (redir, &result.o_val.v_s[1], SZ_FNAME-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:401:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (n_pp->p_val.v_s, o_pp->p_val.v_s, n_pp->p_lenval-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:765:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (buf, "$");
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:912:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (*q++, *p++, len-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:921:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (newpp->p_val.v_s, pp->p_val.v_s, pp->p_lenval-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:929:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (newpp->p_min.v_s, pp->p_min.v_s, PF_SZMINSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:937:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (newpp->p_max.v_s, pp->p_max.v_s, PF_SZMAXSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1070:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pt->p_val.v_s, pf->p_val.v_s, pf->p_lenval-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1080:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pt->p_min.v_s, pf->p_min.v_s, PF_SZMINSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1090:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pt->p_max.v_s, pf->p_max.v_s, PF_SZMAXSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1225:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_val.v_s, s, SZ_FNAME-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1285:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  initlen = strlen (initbuf); /* includes \n, if present */
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1293:19: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(fp)) != '\n' && c != EOF)
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1330:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s) + 1; /* allow for eos */
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1443:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_min.v_s, s, PF_SZMINSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1475:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pp->p_max.v_s, s, PF_SZMAXSTR-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/pfiles.c:1571:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (dest, s, len-1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:109:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buf, o.o_val.v_s, SZ_LINE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/scan.c:250:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (buf, o.o_val.v_s, SZ_LINE);
data/iraf-2.16.1+2018.11.01/pkg/ecl/stack.c:123:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = btoi (strlen (op->o_val.v_s) + 1);
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:171:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen (ltname);
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:242:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/task.c:298:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (name);
data/iraf-2.16.1+2018.11.01/pkg/ecl/unop.c:338:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iresult = strlen (sval);
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:1557:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:3409:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (pname, ".");
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:4241:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (curr_param, stkop((yyvsp[(1) - (1)]))->o_val.v_s,
data/iraf-2.16.1+2018.11.01/pkg/ecl/ytab.c:4272:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (curr_param, stkop((yyvsp[(1) - (1)]))->o_val.v_s, SZ_FNAME);
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:115:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_CTRL_RW 2 # read/write field in control instr.
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:123:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_READ 1 # read command
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:124:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_READ_WT 2 # wait for action, then read
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:172:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_CRAW IDS_CSPECIAL # raw cursor read
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:173:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_BUT_RD 4098 # "cursor number" for read buttons cmd
data/iraf-2.16.1+2018.11.01/pkg/images/tv/iis/lib/ids.h:174:55: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define IDS_BUT_WT 4099 # wait for button press, then read
data/iraf-2.16.1+2018.11.01/pkg/proto/maskexpr/peregfuncs.h:44:8: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  define equal (abs($1-$2)<TOL)
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h:6:3: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # read only outside the main routine.
data/iraf-2.16.1+2018.11.01/pkg/softools/mkapropos/help.h:93:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # data stream read by Lroff. Lroff passes control codes on to the output,
data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h:6:3: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # read only outside the main routine.
data/iraf-2.16.1+2018.11.01/pkg/system/help/help.h:109:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # data stream read by Lroff. Lroff passes control codes on to the output,
data/iraf-2.16.1+2018.11.01/pkg/tbtables/tbltext.h:5:50: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # These are possible values for the line type as read by tbzlin:
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/display/curses.h:7:52: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # The following string defines the set of commands read from the edcap file
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/field.h:6:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define TED_RDOFLD Memi[$1+1] # is this a read only field?
data/iraf-2.16.1+2018.11.01/pkg/utilities/nttools/tedit/table.h:5:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define TED_READONLY Memi[$1] # is table read only?
data/iraf-2.16.1+2018.11.01/pkg/xtools/inlfit/inlfitdef.h:134:18: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  # buffer will be equal to the maximum number of keys (IN_GKEYS) times
data/iraf-2.16.1+2018.11.01/sys/gio/cursor/grc.h:1:75: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # GRC.H -- Global definitions and data structures for the RCURSOR (cursor read)
data/iraf-2.16.1+2018.11.01/sys/gio/fonts/mkfont.c:63:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ch, hnum, hindex, hlength, strlen(data),
data/iraf-2.16.1+2018.11.01/sys/gio/fonts/mkfont.c:64:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(data) % 2) ? "ERROR" : "");
data/iraf-2.16.1+2018.11.01/sys/gio/stdgraph/stdgraph.h:43:61: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define SG_UPDCURSOR Memi[$1+19] # update cursor pos before read
data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h:14:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define RO 1 # read only
data/iraf-2.16.1+2018.11.01/sys/imfort/imfort.h:16:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define RW 3 # read write
data/iraf-2.16.1+2018.11.01/sys/ki/ki.h:38:55: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define SZ_DIRDATA 2048 # amount of directory data to read
data/iraf-2.16.1+2018.11.01/sys/libc/cfmapfn.c:31:10: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy (osfn, (char *)x_osfn, maxch);
data/iraf-2.16.1+2018.11.01/sys/libc/cfmapfn.c:35:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen (osfn));
data/iraf-2.16.1+2018.11.01/sys/libc/cfpath.c:33:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen (osfn));
data/iraf-2.16.1+2018.11.01/sys/libc/cmktemp.c:26:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen (c_strpak (temp, temp_filename, maxch)));
data/iraf-2.16.1+2018.11.01/sys/libc/cread.c:44:31: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while (--n >= 0 && (ch = getc(fp)) >= 0) { data/iraf-2.16.1+2018.11.01/sys/libc/cstrupk.c:33:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = min (n, strlen(ip)); data/iraf-2.16.1+2018.11.01/sys/libc/cxgmes.c:27:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (oserrmsg, (char *)x_oserrmsg, maxch); data/iraf-2.16.1+2018.11.01/sys/libc/fgetc.c:14:1: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc ( data/iraf-2.16.1+2018.11.01/sys/libc/fgetc.c:18:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (getc (fp)); data/iraf-2.16.1+2018.11.01/sys/libc/fgets.c:24:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (--n >= 0 && (ch = getc (fp)) >= 0) { data/iraf-2.16.1+2018.11.01/sys/libc/gets.c:23:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc (fp)) != EOF) { data/iraf-2.16.1+2018.11.01/sys/libc/getw.c:25:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *op++ = getc (fp); data/iraf-2.16.1+2018.11.01/sys/libc/scanf.c:50:40: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (in->i_nchars++, in->i_type ? (int)getc(in->u.fp) : (int)*in->u.ip++) data/iraf-2.16.1+2018.11.01/sys/libc/strdup.c:15:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen (str); data/iraf-2.16.1+2018.11.01/sys/libc/strdup.c:17:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = calloc (1, strlen (str) + 1); data/iraf-2.16.1+2018.11.01/sys/libc/strlen.c:11:1: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ( data/iraf-2.16.1+2018.11.01/sys/libc/strncat.c:11:1: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat ( data/iraf-2.16.1+2018.11.01/sys/libc/strncpy.c:13:1: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ( data/iraf-2.16.1+2018.11.01/sys/libc/zztest.c:39:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc (in)) != EOF) data/iraf-2.16.1+2018.11.01/sys/mtio/mtio.h:31:58: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). define MT_ATEOF mtdev[6,$1+1] # reached end of file on a read data/iraf-2.16.1+2018.11.01/sys/plio/plpolygon.h:7:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. define equal (abs($1-$2)<TOL) data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:3:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
# The MIO routines are used to sequentially read or write the portion of data/iraf-2.16.1+2018.11.01/sys/pmio/mio.h:38:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # EOF is returned when there are no more visible pixels to be read through the data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h:125:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. define EQLI 12 # test if equal data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h:128:41: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. define LEQI 15 # test if less than or equal data/iraf-2.16.1+2018.11.01/sys/qpoe/qpex.h:131:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. define GEQI 18 # test if greater than or equal data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/envinit.c:72:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(newlibs) > 0 && strcmp (newlibs, pkglibs)) { data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/oscmd.c:20:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)x_cmd, cmd, SZ_CMD); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osdir.c:72:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fname, osfn2vfn ((char *)osfn), maxch); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osfcopy.c:77:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((n = read (in, (char *)buf, SZ_FBUF)) > 0) data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osgetenv.c:93:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (outstr, (char *)value, maxch); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:23:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (env = (char *) malloc (strlen(buf) + 1)) ) { data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osputenv.c:51:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (env = (char *) malloc (strlen(buf) + 1)) ) { data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osread.c:17:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read (fd, buf, nbytes)); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/osstrupk.c:35:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
n = min (n, strlen(ip)); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:50:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fname, irafpath(sysfile), maxch); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:53:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen (fname)); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/ossysfile.c:73:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen (fname)); data/iraf-2.16.1+2018.11.01/unix/boot/bootlib/tape.c:183:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read (0, buf, maxbytes); data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:180:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ip == NULL && strlen(types) > 1) data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:184:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (genfname[0] == EOS || strlen (types) > 1) data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:193:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (fname, "."); data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:502:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (types, "i"); data/iraf-2.16.1+2018.11.01/unix/boot/generic/generic.c:516:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (types, "i"); data/iraf-2.16.1+2018.11.01/unix/boot/generic/lexyy.c:685:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/iraf-2.16.1+2018.11.01/unix/boot/generic/lexyy.c:900:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). yytext[strlen(yytext)-5] = '\0'; data/iraf-2.16.1+2018.11.01/unix/boot/generic/lexyy.c:1795:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,(int) strlen(yystr) ); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:95:46: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (n=SZ_CMD,op=lbuf; --n >= 0 && (ch=getc(fp)) != EOF; ) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/char.c:362:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
return (getc (cx->fp)); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fdcache.c:72:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (fname) > SZ_NAME) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fdcache.c:78:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fd->fname, fname, SZ_NAME); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/fncache.c:87:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fnlen > SZ_FNAME || strlen(lname) > SZ_LNAME) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:120:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). args = &cmd[strlen(cmd)]; data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:184:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). args = &cmd[strlen(cmd)]; data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:542:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read (in, buf, SZ_COPYBUF)) > 0) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:681:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (op + strlen (flist[i]) + 1 >= otop) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/host.c:722:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (op + strlen (flist[i]) + 1 >= otop) data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/main.c:72:48: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). zzpause (void) { printf ("ready ...."); (void) getc(stdin); } data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/pkg.c:545:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (ncx->curdir, "/"); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:151:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_arfmag = strlen (ARFMAG); data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:167:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name, arf.ar_name, 16); name[16] = '\0'; data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/scanlib.c:168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (date, arf.ar_date, 12); date[12] = '\0'; data/iraf-2.16.1+2018.11.01/unix/boot/mkpkg/tok.c:668:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_matchstr = strlen (match); data/iraf-2.16.1+2018.11.01/unix/boot/rtar/rtar.c:244:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len_pathprefix = strlen (pathprefix); data/iraf-2.16.1+2018.11.01/unix/boot/spp/rpp/ratlibc/getlin.c:18:33: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (++count<MAXLINE && (c = getc(fp))>=0) { data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:350:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen (bp) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:954:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). libp += strlen (libp) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:977:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (lflag); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xc.c:1069:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen (absname) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:104:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (procname, name, SZ_FNAME); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:313:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col = strlen(procname) + 9; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:321:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
col += strlen (sp->s_name); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:324:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col = strlen (sp->s_name) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/decl.c:423:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextch += strlen(name) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:1156:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2409:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,(int) strlen(yystr) ); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2801:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fname[istkptr], fname[istkptr-1], root_len); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2805:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). root_len = strlen (p); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/lexyy.c:2806:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fname[istkptr], p, root_len); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:863:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
name_offset += strlen (task_name) + 1; data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:930:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (proc_name, task_name, maxch); data/iraf-2.16.1+2018.11.01/unix/boot/spp/xpp/xppcode.c:1697:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (string); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:353:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (fh.linkname, ""); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:425:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (hb.dbuf.name, fh->name, NAMSIZ-1); data/iraf-2.16.1+2018.11.01/unix/boot/wtar/wtar.c:443:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (hb.dbuf.linkname, fh->linkname, NAMSIZ-1); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:291:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (fdebug)) != EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:300:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != EOF) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:304:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((c = getc (finput)) == 'A') { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:310:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (fudecl)) != EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:316:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != '\n' && c != EOF); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:324:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (ftable)) != EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:330:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != '\n' && c != EOF); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:338:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (faction)) != EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y1.c:344:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != '\n' && c != EOF); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:197:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parser = realloc (parser, strlen (parser) + strlen ("lib/yaccpar.x") + 1); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:197:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
parser = realloc (parser, strlen (parser) + strlen ("lib/yaccpar.x") + 1); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:248:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = (char *) malloc (strlen (optarg) + sizeof ("/yaccpar") + 1); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:281:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (fname, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:282:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_prefix, F_NAME_LENGTH - strlen (".output")); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:293:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy (fname, data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:294:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_prefix, F_NAME_LENGTH - strlen (".tab.h")); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:792:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:813:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (s); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1066:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1073:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1089:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != '>' && c != EOF && c != '\n') { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1114:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1118:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1133:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (c = getc (finput)) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1159:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (c = getc (finput); isdigit (c); c = getc (finput)) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1159:47: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (c = getc (finput); isdigit (c); c = getc (finput)) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1174:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1210:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1221:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1286:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc (finput)) == EOF) data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1329:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1331:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1346:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (; c >= 0; c = getc (finput)) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1348:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc (finput)) == '}') data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1354:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc (finput)) == '}') { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1376:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc (finput)) != '\n') data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1399:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1415:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) == ' ' || c == '\t') data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1427:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1440:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1446:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1495:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1500:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1504:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = getc (finput)) == '/') data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1510:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1518:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (finput)) != EOF) { data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1521:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (finput); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1581:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int s_lhs = strlen (s); data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1605:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  int s_rhs = (s == NULL ? 0 : strlen (s));
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y2.c:1669:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idx2 = strlen (rhstext) * 2;
data/iraf-2.16.1+2018.11.01/unix/boot/xyacc/y4.c:484:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (finput)) != EOF) {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/backspac.c:58:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (getc(f) != '\n')
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/dfe.c:14:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(f__cf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/dfe.c:24:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((ch=getc(f__cf))!=EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/getenv_.c:48:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fp = F77_aloc(i+1, "getenv_"), fname, (int)i);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lread.c:87:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((ch=getc(f__cf))!=EOF) return(ch);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/lwrite.c:111:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:92:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(s);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:159:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(b->ufnm) == a->ofnmlen
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:250:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b->ufnm=(char *) malloc((unsigned int)(strlen(buf)+1));
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/open.c:291:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  a.ofnmlen=strlen(nbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:8:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define read _read
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rawio.h:20:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  extern int read(int,void*,size_t), write(int,void*,size_t);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsfe.c:13:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch=getc(f__cf))!='\n')
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/rsfe.c:26:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(f__cf);
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c:45:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( getc(fin)!='g' || getc(fin)!='o' || getc(fin)!='\n' ) {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c:45:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( getc(fin)!='g' || getc(fin)!='o' || getc(fin)!='\n' ) {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/s_paus.c:45:42: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( getc(fin)!='g' || getc(fin)!='o' || getc(fin)!='\n' ) {
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:99:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  delta = w - strlen(buf) - signspace;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/wref.c:244:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(b) + d1;
data/iraf-2.16.1+2018.11.01/unix/f2c/libf2c/xwsne.c:47:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (f__recpos+strlen(s)+2 >= L_len)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:67:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(s) + 2;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/cds.c:149:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(ebuf) + nd + 3;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/exec.c:418:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1702:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mkstrcon(strlen(np->fvarname), np->fvarname),
data/iraf-2.16.1+2018.11.01/unix/f2c/src/expr.c:1704:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mkstrcon(strlen(procname), procname),
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:340:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (storage);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:896:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  addrp->user.Charp = strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2168:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(buf); /* BSD doesn't return char transmitted count */
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2182:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k += strlen(buf+k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2223:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (getc (infile) != '\n')
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2224:2: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc (infile);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2248:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc (fp)) != ' ')
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2255:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2287:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(infile);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2408:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(*result = mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/format.c:2431:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *bufptr++ = getc (infile);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:440:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen (line) - 1] = '\0';
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:750:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (infile);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:759:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc (infile);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:781:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (c = getc (infile); !feof (infile) && isspace (c); c = getc (infile))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:781:64: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (c = getc (infile); !feof (infile) && isspace (c); c = getc (infile))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/formatdata.c:787:35: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (*n = 0; isdigit (c); c = getc (infile))
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:902:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(s = np->fvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1417:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(buf) + strlen(comm->cextname)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1417:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(buf) + strlen(comm->cextname)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1418:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(np->cvarname);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1421:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k += strlen(buf1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1432:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(buf) + strlen(s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1432:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(buf) + strlen(s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/io.c:1447:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 = mem(strlen(s)+10,0);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:359:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp = Alloc(k + strlen(name) + 1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:360:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, s0, k);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:366:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(name0) + 2;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:368:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen(s = I->datap);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:485:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fbuf, lastfile, sizeof(fbuf));
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:743:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if( (c = getc(infile)) == '&')
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:766:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = getc(infile)) != '\n')
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:824:46: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( !feof (infile) && (*pointer++ = c = getc(infile)) != '\n') {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:870:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for(p=a; p<aend && (c=getc(infile)) != '\n' && c!=EOF; )
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:911:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( endcd<bend && (c=getc(infile)) != '\n' && c!=EOF )
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:922:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (c=getc(infile)) != '\n' && c != EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1674:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str) + 1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/lex.c:1711:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 = s + strlen(s) + 1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/main.c:490:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 = s + strlen(s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:166:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 += strlen(s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:180:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy(mem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:220:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:240:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = n1 = strlen(s1);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/mem.c:242:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen(s2);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:338:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return( copyn( strlen(s)+1 , s) );
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:563:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nextext->fextname = strcpy(gmem(strlen(f)+1,0), f);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:566:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : strcpy(gmem(strlen(s)+1,0), s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/misc.c:1172:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(infp);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/output.c:1421:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy(mem(strlen(buf)+1,0), buf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:162:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (length >= strlen (*argv)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:180:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (length >= strlen (*argv)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:359:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prefix_length = strlen (norm_prefix);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:360:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int string_length = strlen (norm_string);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:488:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(*store = str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:503:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:514:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:518:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:522:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/parse_args.c:526:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:198:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) < '0' || c > '9')
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:202:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == ' ') {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:307:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:324:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:332:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:351:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == EOF)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:394:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(pf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:414:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) == EOF) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:431:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c = getc(pf)) != '*') {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:439:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = getc(pf)) != '*') {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:446:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch(getc(pf)) {
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:703:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = Ptok + strlen(Ptok) - 1;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/pread.c:712:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, Ptok, n = s - Ptok);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:112:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(s);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1132:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namep->fvarname = strcpy(gmem(strlen(namep->fvarname)+1,0),
data/iraf-2.16.1+2018.11.01/unix/f2c/src/proc.c:1135:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strcpy(gmem(strlen(namep->cvarname)+1,0), namep->cvarname)
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:127:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int k = strlen(tmpdir) + 24;
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:369:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  L += L1 = strlen(s = argv[i]);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:564:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = n1 = strlen(outbuf);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:571:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s+n, "/");
data/iraf-2.16.1+2018.11.01/unix/f2c/src/sysdep.c:640:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/iraf-2.16.1+2018.11.01/unix/f2c/src/xsum.c:183:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((n = read(x, (char *)Buf, sizeof(Buf))) > 0) {
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhpgl.c:158:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_END, strlen(DEV_END), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:169:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_INIT, strlen(DEV_INIT), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:183:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_END, strlen (DEV_END), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:185:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_INIT, strlen (DEV_INIT), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uhplj.c:209:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_END, strlen(DEV_END), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:196:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_INIT, strlen(DEV_INIT), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:215:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_FRAME, strlen(DEV_FRAME), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgi2uqms.c:247:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (DEV_END, strlen(DEV_END), 1, out);
data/iraf-2.16.1+2018.11.01/unix/gdev/sgidev/sgidispatch.c:50:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ip = strlen (translator);
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:132:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define getc xfgetc
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:133:8: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define getchar xfgetr
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:144:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define read xfread
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf32.h:151:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  define strlen xstrln
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:133:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define getc xfgetc
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:134:8: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define getchar xfgetr
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:145:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  define read xfread
data/iraf-2.16.1+2018.11.01/unix/hlib/iraf64.h:152:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  define strlen xstrln
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:63:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define fgetc u_fgetc
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:102:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define strlen u_strlen
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:103:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  #define strncat u_strnt /* collision */
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:105:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  #define strncpy u_strny /* collision */
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:155:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  extern char *strncat (char *s1, char *s2, int n);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:156:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  extern char *strncpy (char *s1, char *s2, int n);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:237:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  extern int fgetc (struct _iobuf *fp);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/libc.h:251:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extern int strlen (char *s);
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:79:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define getchar() fgetc(stdin)
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:79:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define getchar() fgetc(stdin)
data/iraf-2.16.1+2018.11.01/unix/hlib/libc/stdio.h:80:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define getc(fp) \
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:75:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (pathname, "/");
data/iraf-2.16.1+2018.11.01/unix/os/irafpath.c:92:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant character. strcat (pathname, "/"); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:161:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (osfn, (char *)pkname, maxch); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:232:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (2, message, strlen(message)); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:263:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (osfn, (char *)valstr, maxch); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:267:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (osfn, IRAF, maxch); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:287:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (osfn, ":"); data/iraf-2.16.1+2018.11.01/unix/os/net/kutil.c:340:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (ip); data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:124:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tcp_write (s, num, strlen(num)+1); data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:139:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcp_write (s, name, strlen (name) + 1); data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcp_write (s, pass, strlen (pass) + 1); data/iraf-2.16.1+2018.11.01/unix/os/net/rexec.c:141:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcp_write (s, cmd, strlen (cmd) + 1); data/iraf-2.16.1+2018.11.01/unix/os/net/tcpread.c:21:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read (s, buf, maxbytes); data/iraf-2.16.1+2018.11.01/unix/os/tape.c:256:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read (tape, iobuf, nbytes); data/iraf-2.16.1+2018.11.01/unix/os/zalloc.c:139:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)owner, pw->pw_name, *maxch); data/iraf-2.16.1+2018.11.01/unix/os/zfacss.c:100:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fd >= 0 && (nchars = read (fd, buf, SZ_TESTBLOCK)) > 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfaloc.c:77:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
patlen = strlen (patstr); data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c:78:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)fs->fi_owner, owner, SZ_OWNERSTR); data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c:87:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (owner, pw->pw_name, SZ_OWNERSTR); data/iraf-2.16.1+2018.11.01/unix/os/zfinfo.c:88:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)fs->fi_owner, owner, SZ_OWNERSTR); data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:214:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((kfp->nbytes = read (fd, (char *)buf, *maxbytes)) > 0) data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:488:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (vm_write (vm_server, buf, strlen(buf)) < 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:493:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (vm_server, buf, SZ_CMDBUF) <= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:558:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (vm_write (vm_server, buf, strlen(buf)) < 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:563:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read (vm_server, buf, SZ_CMDBUF) <= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:607:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (vm_write (vm_server, buf, strlen(buf)) < 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:611:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (vm_server, buf, SZ_CMDBUF) <= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:632:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (vm_write (vm_server, vm_client, strlen(vm_client)) < 0) data/iraf-2.16.1+2018.11.01/unix/os/zfiobf.c:635:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (vm_server, buf, SZ_CMDBUF) <= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:724:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read (pin[0], obuf, SZ_LINE) > 0) data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:940:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read (fd, op, nbytes); data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1230:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (write (fd, obuf, strlen(obuf)+1)); data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1266:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((stat = read (fd, &ch, 1)) <= 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1602:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (pathname, "/"); data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1680:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(op) + 1; data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1726:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(op) + 1; data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1732:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(op) + 1; data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1737:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(op) + 1; data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1913:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (tty, prompt, strlen(prompt)); data/iraf-2.16.1+2018.11.01/unix/os/zfioks.c:1931:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read (tty, password, SZ_NAME); data/iraf-2.16.1+2018.11.01/unix/os/zfiolp.c:109:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (lpstr, (char *)printer, SZ_LPSTR); data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:705:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read (fd, (char *)buf, mb); data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1200:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (mp->mtdev.statusdev, ","); data/iraf-2.16.1+2018.11.01/unix/os/zfiomt.c:1398:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read (fd, buf, maxrec); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:370:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sockaddr.sun_path, data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:474:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sockaddr.sun_path,np->path1,sizeof(sockaddr.sun_path)); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:476:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(np->path1); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:699:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read (np->datain, (char *)buf, maxread); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:705:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
nbytes = read (np->datain, (char *)buf, maxread); data/iraf-2.16.1+2018.11.01/unix/os/zfiond.c:707:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read (np->datain, (char *)buf, maxread); data/iraf-2.16.1+2018.11.01/unix/os/zfiopl.c:101:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (plstr, (char *)plotter, SZ_PLSTR); data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:256:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((pr_ionbytes[fd] = nbytes = read (fd, ibuf, maxch)) > 0) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:269:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (status = read (fd, &temp, 2)) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:288:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &temp, 2) != 2) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:310:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (status = read (fd, op, nbytes)) { data/iraf-2.16.1+2018.11.01/unix/os/zfiopr.c:344:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (fd, &temp, 1) <= 0) data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:169:6: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (maskval = umask (022)); data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:169:23: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
umask (maskval = umask (022)); data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:338:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (*op++ = ch = getc(fp), ch != EOF) { data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:367:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read (chan, data, 1) != 1) { data/iraf-2.16.1+2018.11.01/unix/os/zfiotx.c:408:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc (fp); data/iraf-2.16.1+2018.11.01/unix/os/zghost.c:21:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)outstr, namebuf, *maxch); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:117:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (lpath[strlen(lpath)-1] != '/') { data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:118:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lpath = realloc(lpath, strlen(lpath) + 2); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:119:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(lpath, "/"); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:129:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 2); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:129:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 2); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:130:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(lpath, " "); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:135:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 2); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:135:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 2); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:136:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(lpath, " "); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:141:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 11); data/iraf-2.16.1+2018.11.01/unix/os/zgtenv.c:141:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lpath = realloc(lpath, strlen(lpath) + strlen(rpath) + 11); data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:87:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy ((char *)osfn_bkgfile, ""); data/iraf-2.16.1+2018.11.01/unix/os/zmain.c:171:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (nchars + strlen(argv[arg]) > len_irafcmd) { data/iraf-2.16.1+2018.11.01/unix/os/zopdir.c:208:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (dp->d_name); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:38:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (msg, "\n"); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:43:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (msg, "\n"); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:45:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (2, msg, strlen(msg)); data/iraf-2.16.1+2018.11.01/unix/os/zpanic.c:53:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd, &msg[1], strlen(&msg[1])); data/iraf-2.16.1+2018.11.01/unix/os/zwmsec.c:29:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. (void) usleep ((unsigned int)(*msec) * 1000); data/iraf-2.16.1+2018.11.01/unix/os/zxwhen.c:346:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((char *)errmsg, os_errmsg, (int)*maxch); data/iraf-2.16.1+2018.11.01/unix/os/zzstrt.c:59:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (osfn_bkgfile, ""); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:38:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(int drivehandle, void *buffer, long nbytes); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:216:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen(url) + 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:434:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). textlist = malloc(strlen(extlist) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:641:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(url) > FLEN_FILENAME - 1) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:682:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(extspec); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:839:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(url) + 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1517:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1519:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd) + strlen(tmpinfile) > FLEN_FILENAME-1) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1519:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(cwd) + strlen(tmpinfile) > FLEN_FILENAME-1) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1556:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1651:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. else if (!strncpy(urltype, "stdin", 5) ) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:1999:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen(clause1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2056:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2077:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strstr(colname+1, "#") == (colname + strlen(colname) - 1)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2089:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). colname[strlen(colname)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2096:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strstr(colname, "#") == (colname + strlen(colname) - 1)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2113:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). testname[strlen(testname)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2140:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(colname,")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2144:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(tstbuff) + strlen(colname) + 1) > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2144:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(tstbuff) + strlen(colname) + 1) > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2155:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(colname, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2248:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2320:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2343:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2924:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ffflnm(fptr, filename+strlen(filename), status); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2926:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(filename+strlen(filename),FLEN_FILENAME+20-strlen(filename),"[%d]", hdunum-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:2926:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(filename+strlen(filename),FLEN_FILENAME+20-strlen(filename),"[%d]", hdunum-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3170:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen(keyname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3197:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
klen = strlen(keyname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3221:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). klen = strlen(keyname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3410:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(token,"*"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3414:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3452:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3477:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstbuff) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3876:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(url) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:3974:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen(url) + 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5042:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read) (int driverhandle, void *buffer, long nbytes), data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5072:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(driverTable[no_of_drivers].prefix, prefix, MAX_PREFIX_LEN); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5088:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). driverTable[no_of_drivers].read = read; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5177:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(url); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5233:18: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(urltype, ptr1, ptr2 - ptr1 + 3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5294:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5305:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr1) > FLEN_FILENAME - 1) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5359:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5377:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(outfile, ptr2, ptr1 - ptr2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5388:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, ptr1, ptr3 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5393:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5399:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5422:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jj = strlen(infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5455:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(extspec, ptr1, jj - infilelen); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5473:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(&infile[ii + 1]) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5489:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infile) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5569:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infilex) + strlen(ptr3) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5569:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infilex) + strlen(ptr3) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5582:19: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(extspec, "0"); /* the 0 ext number is implicit */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5591:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rowfilterx) + strlen(tmptr + 1) > FLEN_FILENAME -1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5591:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(rowfilterx) + strlen(tmptr + 1) > FLEN_FILENAME -1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5805:20: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(extspec, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5823:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(rowfilter); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5860:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr1 +1) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:5952:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(colspec, ptr1 + 1, collen); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6039:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pixfilter, ptr1 + 1, collen); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6070:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr1 +1) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6105:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr2 = rowfilter + strlen(rowfilter) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6109:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rowfilter + 1) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6207:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(urltype, "-"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6212:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(urltype, "-"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6235:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(urltype, ptr1, ptr2 - ptr1 + 3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6278:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr1) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6293:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(infile, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6309:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6323:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(infile, ptr1, ptr3 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6327:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6341:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jj = strlen(infile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6369:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(urltype) + strlen(infile) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6369:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(urltype) + strlen(infile) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6434:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(urltype, ptr1, ptr2 - ptr1 + 3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6459:14: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(outfile, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6465:14: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(outfile, ptr1, ptr3 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6468:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr1) > FLEN_FILENAME - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6493:18: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tpltfile, ptr2, ptr1 - ptr2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6515:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(compspec, ptr3, ptr1 - ptr3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6631:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(extname, ptr1, slen); /* EXTNAME value */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6711:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(imagecolname, ptr1, ptr2 - ptr1); /* copy column name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6732:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rowexpress, ptr2, ptr1 - ptr2); /* row expression */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6912:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(line); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6941:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( lines+totalLen, " "); /* add a space between lines */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6974:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(token, *ptr, slen); /* copy token */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:6983:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tval, token, 72); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7037:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(*token, *ptr, slen); /* copy token */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7045:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tval, *token, 72); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7250:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen((fptr->Fptr)->filename); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7351:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readstatus = (*driverTable[fptr->driver].read)(fptr->filehandle, data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfileio.c:7431:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "PCOUNT = 0", 30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:559:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e = s + strlen(s); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1803:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define STRING_cfC(M,I,A,B,C) (B.clen=strlen(A),B.f.dsc$a_pointer=A, \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1808:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). B.dsc$w_length=strlen(A): (A[C-1]='\0',B.dsc$w_length=strlen(A), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1808:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). B.dsc$w_length=strlen(A): (A[C-1]='\0',B.dsc$w_length=strlen(A), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1811:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRING_cfC(M,I,A,B,C) (B.nombre=A,B.clen=strlen(A), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1814:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define PSTRING_cfC(M,I,A,B,C) (C==sizeof(char*)? B=strlen(A): \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:1815:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (A[C-1]='\0',B=strlen(A),memset((A)+B,' ',C-B-1),B=C-1)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2207:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define RRRRPSTR( A,B,D) if (B) memcpy(A,B, _cfMIN(strlen(B),D)), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2208:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2208:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2208:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (D>strlen(B)?memset(A+strlen(B),' ', D-strlen(B)):0), _cf_free(B); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2314:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(AS->dsc$a_pointer,A0,_cfMIN(AS->dsc$w_length,(A0==NULL?0:strlen(A0))));\ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2315:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AS->dsc$w_length>(A0==NULL?0:strlen(A0))? \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2316:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memset(AS->dsc$a_pointer+(A0==NULL?0:strlen(A0)),' ', \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2317:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AS->dsc$w_length-(A0==NULL?0:strlen(A0))):0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2321:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(_fcdtocp(AS),A0, _cfMIN(_fcdlen(AS),(A0==NULL?0:strlen(A0))) ); \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2322:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _fcdlen(AS)>(A0==NULL?0:strlen(A0))? \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2323:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(_fcdtocp(AS)+(A0==NULL?0:strlen(A0)),' ', \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2324:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _fcdlen(AS)-(A0==NULL?0:strlen(A0))):0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2326:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRING_cfK memcpy(AS,A0, _cfMIN(D0,(A0==NULL?0:strlen(A0))) ); \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2327:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
D0>(A0==NULL?0:strlen(A0))?memset(AS+(A0==NULL?0:strlen(A0)), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2327:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D0>(A0==NULL?0:strlen(A0))?memset(AS+(A0==NULL?0:strlen(A0)), \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/cfortran.h:2328:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ' ', D0-(A0==NULL?0:strlen(A0))):0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:205:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cptr) + strlen(filename+1) > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:205:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cptr) + strlen(filename+1) > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:213:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:235:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pwd->pw_dir) + strlen(cptr) > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:235:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pwd->pw_dir) + strlen(cptr) > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:263:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) + 7 > 1023) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:338:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cptr) > 200) /* guard against possible string overflows */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:360:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(cwd); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:361:52: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if ((slen < FLEN_FILENAME) && cwd[slen-1] != '/') strcat(cwd,"/"); /* make sure the CWD ends with slash */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:365:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rootlen = strlen(rootstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:372:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(username, cwd+rootlen, 50); /* limit length of user name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:384:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rootlen = strlen(userroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:389:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rootlen2 = strlen(userroot2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:769:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > FLEN_FILENAME - 5) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:848:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrfile.c:881:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:294:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:347:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cbuff = fgetc(stdin); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:408:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
for(jj = 0; (c = fgetc(stdin)) != EOF && jj < 2000; jj++) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:486:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for(jj = 0; (c = fgetc(stdin)) != EOF && jj < 2000; jj++) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrmem.c:860:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rootfile, filename, cptr - filename); /* store the rootname */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:331:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstchar = fgetc(httpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:417:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(netoutfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:455:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstchar = fgetc(httpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:579:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(netoutfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:617:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstchar = fgetc(httpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:758:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(turl,url,MAXLEN - 8); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:770:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(userpass, ""); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:821:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). encode64(strlen(userpass), userpass, MAXLEN, tmpstr2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:824:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:824:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:835:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:835:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:843:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:843:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) + strlen(tmpstr1) > MAXLEN - 1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:848:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:887:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpint = strlen(scratchstr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:889:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpint = strlen(scratchstr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:891:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpint = strlen(scratchstr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:923:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(scratchstr2) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:944:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(scratchstr2) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:973:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(recbuf) > 3) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:974:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recbuf[strlen(recbuf)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:975:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recbuf[strlen(recbuf)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:988:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(scratchstr) > SHORTLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1087:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(netoutfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1240:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). urlname = (char *)malloc(strlen(filename)+12); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1265:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(curlErrBuf)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1291:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curlErrBuf)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1305:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curlErrBuf)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1332:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curlErrBuf)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1343:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curlErrBuf)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1410:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > MAXLEN - 4) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1439:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstchar = fgetc(ftpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1527:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(netoutfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1568:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
firstchar = fgetc(ftpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1693:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(netoutfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1725:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstchar = fgetc(ftpfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1861:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > MAXLEN - 7) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1927:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(*sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1938:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(*sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1955:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fn) == 0) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1967:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status = NET_SendRaw(*sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1976:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(newfn)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:1985:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(*sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2028:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2037:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2046:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2075:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strlen(newfn)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2093:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(*sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2141:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > MAXLEN - 7) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2209:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2220:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2237:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fn) == 0) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2249:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2258:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strlen(newfn)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2267:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2310:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2319:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2328:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ip,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2357:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(newfn)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2375:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status = NET_SendRaw(sock,tmpstr,strlen(tmpstr),NET_DEFAULT); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2518:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). urlcopyorig = urlcopy = (char *) malloc(strlen(url)+1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2525:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(fn,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2577:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(urlcopy) > SHORTLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2598:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(urlcopy) > SHORTLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2616:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(urlcopy) > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2643:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2657:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { /* was an outfile specified? 
*/ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2682:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infile) + 3 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2701:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2741:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infile+2) > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2760:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2808:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2848:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2886:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2922:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(infile)+3 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2936:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infile)+2 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:2965:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile1)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3007:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(statusstr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3288:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = root_send_buffer(handleTable[hdl].sock,ROOTD_GET,msg,strlen(msg)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3289:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((unsigned) status != strlen(msg)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3324:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(msg); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3364:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(url)+7 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3386:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(getenv("ROOTUSERNAME")) > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3395:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recbuf[strlen(recbuf)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3398:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = root_send_buffer(*sock, ROOTD_USER, recbuf,strlen(recbuf)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3419:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(getenv("ROOTPASSWORD")) > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3428:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recbuf[strlen(recbuf)-1] = '\0'; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3431:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ii=0;(unsigned) ii<strlen(recbuf);ii++) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3435:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status = root_send_buffer(*sock, ROOTD_PASS, recbuf, strlen(recbuf)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3454:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fn)+strlen(rwmode)+1 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3454:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fn)+strlen(rwmode)+1 > MAXLEN-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3460:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(recbuf," "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrnet.c:3463:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = root_send_buffer(*sock, ROOTD_OPEN, recbuf, strlen(recbuf)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:194:19: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldumask = umask(0); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:197:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/drvrsmem.c:748:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(segname,"h"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:147:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(comment,"&"); /* special value to leave comments unchanged */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1100:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tform[ii]) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1454:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"X"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1456:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"B"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1458:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"L"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1460:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(tcode,"A"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1462:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"I"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1464:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"J"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1466:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"K"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1468:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"E"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1470:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"D"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1472:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(tcode,"C"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:1474:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tcode,"M"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2572:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(q, &rec[1], 4); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2590:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(q, &rec[i1], 8 - i1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2607:19: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(q, rec, i1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2610:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(rec, " ", 8); /* erase old keyword name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2611:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i1 = strlen(newkey); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/editcol.c:2612:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(rec, newkey, i1); /* overwrite new keyword name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:598:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. case TLOGICAL: strcat(tform,"L"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:599:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. case TLONG: strcat(tform,"J"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:600:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. case TDOUBLE: strcat(tform,"D"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:601:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. case TSTRING: strcat(tform,"A"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:602:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
case TBIT: strcat(tform,"X"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:603:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. case TLONGLONG: strcat(tform,"K"); break; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:875:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lexpr = strlen(gParse.expr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:877:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lexpr = strlen(expr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:881:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(gParse.expr + lexpr,"\n"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_f.c:2328:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(varInfo->name,colName,MAXVARNAME); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:813:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( ffin )) != EOF && c != '\n'; ++n ) \ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:989:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(fftext); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:993:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fflval.str,&fftext[1],len); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1005:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fftext); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1010:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errMsg, &(fftext[0]), 20); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1018:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpstring,&fftext[1],len); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1069:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fftext); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1074:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errMsg, &(fftext[0]), 20); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1082:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy(tmpstring,&fftext[1],len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1206:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(fftext) - 3;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1208:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fflval.str+1,&fftext[2],len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1221:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(fftext) - 2;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1226:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(errMsg, &(fftext[1]), 20);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1231:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fflval.str,&fftext[1],len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1244:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(fftext) - 2;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:1245:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fflval.str,&fftext[1],len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_l.c:2113:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return ff_scan_bytes(ffstr,strlen(ffstr) );
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:1558:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define ffstrlen strlen
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:2248:77: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (ffval.Node) = New_Const( BITSTR, (ffvsp[(1) - (1)].str), strlen((ffvsp[(1) - (1)].str))+1 ); TEST((ffval.Node));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:2249:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SIZE((ffval.Node)) = strlen((ffvsp[(1) - (1)].str)); }
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:3448:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { (ffval.Node) = New_Const( STRING, (ffvsp[(1) - (1)].str), strlen((ffvsp[(1) - (1)].str))+1 ); TEST((ffval.Node));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:3449:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SIZE((ffval.Node)) = strlen((ffvsp[(1) - (1)].str)); }
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:7508:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (src_len == 0) src_len = strlen(str);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8071:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(bits1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8072:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(bits2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8134:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(bitstrm1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8135:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(bitstrm2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8177:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(bitstrm1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8178:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(bitstrm2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8219:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(bits);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8233:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(bitstrm1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8234:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(bitstrm2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8339:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (src_len == 0) { src_len = strlen(src_str); } /* .. if constant */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/eval_y.c:8372:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, s, 80);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:94:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cols[i].colname,colname[i],70);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:179:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k=strlen( sptr[j] );k<slen[nstr];k++)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:398:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *vlen = strlen(B3);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:468:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(comm);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/f77_wrap4.c:471:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(comm1,comm,len-1); /* Don't copy '&' */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:792:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(msgptr))
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:817:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(txtbuff[nummsg], msgptr, 80);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:820:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgptr += minvalue(80, strlen(msgptr));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:904:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxchr=strlen(keyword);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:970:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxchr = strlen(card);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:981:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (NULL char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:981:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (NULL char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:983:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (TAB char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:983:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (TAB char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:985:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Line Feed char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:985:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Line Feed char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:987:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Vertical Tab)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:987:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Vertical Tab)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:989:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Form Feed char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:989:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Form Feed char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:991:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Carriage Return)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:991:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Carriage Return)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:993:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Escape char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:993:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Escape char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:995:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(msg, " (Delete char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:995:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(msg, " (Delete char.)",FLEN_ERRMSG-strlen(msg)-1);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:999:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, card, 80);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1015:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1049:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(value);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1050:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(tmpname);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1106:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cptr) > maxlen) maxlen = strlen(cptr); /* find longest token */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1106:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cptr) > maxlen) maxlen = strlen(cptr); /* find longest token */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1171:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, value, 80 - namelen); /* append the value string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1208:17: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(card, " ", 30 - (namelen + len));
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1211:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, value, 80 - namelen); /* append the value string */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1218:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((len < 77) && ( strlen(comm) > 0) ) /* room for a comment? */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1221:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, comm, 77 - len); /* append comment (what fits) */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1232:11: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, comm, 80 - namelen); /* append comment (what fits) */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1268:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tcard,card,80);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1271:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tcard);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1311:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rootlen = strlen(keyroot);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1323:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(suffix) + strlen(keyname) > 8)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1323:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(suffix) + strlen(keyname) > 8)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1342:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rootlen = strlen(keyroot);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1349:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (rootlen + strlen(keyname) > 8)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1377:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cardlen = strlen(card);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1522:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (nblank == strlen( &card[ii] ) )
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1530:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(value, &card[ii], nblank);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1537:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(value, &card[ii], nblank);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1558:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jj=strlen(comm);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1607:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, tmplt, 80);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1638:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1655:14: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1663:4: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(card, "+");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1693:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&card[40], tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1710:16: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&card[40], tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1722:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(keyname, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1739:12: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(keyname, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1757:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(card, tok, 72);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1776:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(value, tok, len + 2);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1790:11: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(value, " ");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1797:11: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(value, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1832:15: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(value, "'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1833:15: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(value, tok, len);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1834:15: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(value, "'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1865:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vlen = strlen(value);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1870:11: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(value, " ", 10 - vlen);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1871:11: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(&value[9], "'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:1875:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(comment, tok, 70);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2172:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxchr = strlen(rec);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2643:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(&tform[ii]) > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2791:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchar = strlen(tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:2992:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nchar = strlen(tform);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3006:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(&tform[ii]) > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3189:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "s");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3193:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "f");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3195:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3197:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3233:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "s");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3235:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "d");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3237:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "o");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3239:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "X");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3241:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "f");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3243:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3245:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3247:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cform, "G");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3430:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, templt, FLEN_VALUE); /* copy strings to work area */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3431:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(col, colname, FLEN_VALUE);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3436:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (ii = strlen(temp) - 1; ii >= 0 && temp[ii] == ' '; ii--)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:3439:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (ii = strlen(col) - 1; ii >= 0 && col[ii] == ' '; ii--)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4092:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(dtype, "P"); /* variable length columns */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4097:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "X");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4099:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "B");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4101:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "L");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4103:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "A");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4105:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "I");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4107:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "J");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4109:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "K");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4111:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "E");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4113:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "D");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4115:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "C");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4117:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(dtype, "M");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4304:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name,card,8); /* first 8 characters = the keyword name */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:4804:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(value, "'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5013:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(value, "'");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5270:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(colptr->tform, tvalue, 9); /* copy TFORM to structure */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:5388:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(colptr->strnull, tvalue, 17); /* copy TNULL string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6669:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(newform, "'"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6672:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenform = strlen(tform); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6679:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (lenform+strlen(lenval)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6687:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while(strlen(newform) < 9) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6688:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newform," "); /* append spaces 'till length = 8 */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:6689:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newform,"'" ); /* append closing parenthesis */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7811:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(hduname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7839:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(extname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:7858:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(extname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:8172:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(card, tcard, 8); /* copy the keyword name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:8830:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9063:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9124:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9185:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9222:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9284:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9331:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9362:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,25); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9410:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,23); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9462:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,25); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9518:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(instr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9577:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cval) > 72) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9602:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9617:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9653:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cval) > 72) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9677:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/fitscore.c:9692:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(msg,cval,30); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolb.c:1920:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcold.c:1594:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcole.c:1596:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoli.c:1822:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:1806:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolj.c:3715:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolk.c:1815:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:138:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(array[ii], "T"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:140:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(array[ii], "F"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:142:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(array[ii],"N"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:182:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(array[ii], "("); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:194:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(array[ii], tmpstr, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:195:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(array[ii], ","); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:208:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:209:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(array[ii], ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:249:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(array[ii], "("); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:261:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:262:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(array[ii], ","); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:275:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:276:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(array[ii], ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:300:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpnull, nulval,79); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:302:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nulwidth = strlen(tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:304:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmpnull, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:314:19: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpnull, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:333:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, 20); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:358:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpnull, nulval, 79); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:360:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nulwidth = strlen(tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:362:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmpnull, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:372:19: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpnull, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:391:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, 20); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:493:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpnull, nulval,79); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:495:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nulwidth = strlen(tmpnull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:497:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmpnull, " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:523:19: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpnull, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:536:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(tmpstr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:542:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(array[ii], tmpstr, dwidth); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:807:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); /* length of the undefined pixel string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcols.c:892:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(array[ii], " "); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolsb.c:1905:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcolui.c:1827:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:1827:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluj.c:3755:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getcoluk.c:1835:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nullen = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:117:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(block); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:506:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = strlen(keyname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:658:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stringlen = strlen(string); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:718:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(name, ptr1, ptr2 - ptr1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:840:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:846:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:853:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length += strlen(value) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:912:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commspace = FLEN_COMMENT - strlen(comm) - 2; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:923:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*value = (char *) malloc(strlen(valstring) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:926:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(*value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:938:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(valstring) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:950:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(comm, " ", 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:951:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(comm, nextcomm, commspace); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:952:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commspace = FLEN_COMMENT - strlen(comm) - 2; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1016:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commspace = FLEN_COMMENT - strlen(comm) - 2; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1027:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tempstring = (char *) malloc(strlen(valstring) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1030:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tempstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1042:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(valstring) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1054:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(comm, " ", 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1055:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(comm, nextcomm, commspace); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1056:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commspace = FLEN_COMMENT - strlen(comm) - 2; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1068:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tempstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1070:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(value, tempstring + (firstchar - 1), maxchar); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1123:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "D2345678= ", 10); /* overwrite a dummy keyword name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1465:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1491:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1544:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1572:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1625:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1653:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1706:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1734:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1787:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1815:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1868:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenroot = strlen(keyroot); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:1895:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyindex, &card[lenroot], equalssign - card - lenroot); /* copy suffix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/getkey.c:3448:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(keyname, keybuf, 8); /* copy the keyword name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:220:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(grpname != NULL && strlen(grpname) > 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1480:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(memberFileName) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1546:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(memberLocation)+strlen(memberFileName)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1546:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(memberLocation)+strlen(memberFileName)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1553:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(memberLocation,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1575:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(groupLocation)+strlen(groupFileName)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1575:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(groupLocation)+strlen(groupFileName)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1583:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(groupLocation,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1687:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(memberExtname) != 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1794:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(0 < strlen(cwd)) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1805:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(tmp)+strlen(groupLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1805:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp)+strlen(groupLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1812:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmp,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1825:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp)+strlen(groupLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1825:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp)+strlen(groupLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:1832:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmp,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2269:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(mbrLocation1) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2453:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2454:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2454:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2523:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2523:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2530:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2651:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(xtension) > 0 && strlen(extname) > 0 && extver > 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2651:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(xtension) > 0 && strlen(extname) > 0 && extver > 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:2808:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(extname) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3165:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grpLocation3)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3165:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grpLocation3)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3172:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(grpLocation3,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3181:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grpLocation3)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3181:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(grpLocation3)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3188:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(grpLocation3,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3292:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grpLocation3)+strlen(grplc)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3292:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grpLocation3)+strlen(grplc)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3299:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(grpLocation3,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3975:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(mbrLocation1) != 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:3981:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(*status == MEMBER_NOT_FOUND && strlen(mbrLocation2) != 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4137:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(tmpLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4137:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(tmpLocation)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4143:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4245:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(mbrLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4245:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(mbrLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4252:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4262:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(mbrLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4262:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(mbrLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4269:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4294:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4294:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation1)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4301:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4336:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(cwd)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4336:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd)+strlen(grpLocation2)+1 > data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4343:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4985:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(keyvalue) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:4998:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(keyvalue) - 1; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5072:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0, j = 0, size = strlen(inpath), buff[0] = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5073:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i < size; j = strlen(buff)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5088:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(buff,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5147:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0, j = 0, size = strlen(inpath), buff[0] = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5148:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i < size && j < FLEN_FILENAME - 8; j = strlen(buff)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5165:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buff,"FILE://",7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5181:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buff,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5302:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0, j = 0, firstColon = 1, size = strlen(inpath), buff[0] = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5303:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i < size; j = strlen(buff)) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5326:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buff,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5443:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(outpath,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5484:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outpath,"\\"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5489:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outpath[strlen(outpath)-1] = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5534:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(outpath) == 0) strcat(outpath,"["); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5534:29: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if(strlen(outpath) == 0) strcat(outpath,"["); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5538:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if(strcmp(tmpStr,".") == 0 && strlen(outpath) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5554:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(outpath); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5573:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(outpath) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5576:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outpath,"["); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5578:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outpath,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5584:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outpath,"."); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5609:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(outpath,":"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5614:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outpath[strlen(outpath)-1] = 0; data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5756:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(outfile)) strcpy(tmpStr1,outfile); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5968:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(tmpStr1) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5976:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(realURL,tmpStr1,i); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5990:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(tmpStr2) == 0) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:5998:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(startURL,tmpStr2,i); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6082:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outURL, inURL, string_size); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6096:23: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. if('/' == *inURL) strcat(outURL, "/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6119:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outURL) + strlen(tmp) + 1 > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6119:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outURL) + strlen(tmp) + 1 > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6128:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outURL, "/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6130:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outURL[strlen(outURL) - 1] = 0; /* blank out trailing / */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6288:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). refsize = strlen(refURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6289:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
abssize = strlen(absURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6324:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(relURL)+3 > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6335:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(relURL) + strlen(absURL+abscount) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6335:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(relURL) + strlen(absURL+abscount) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6387:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(refURL) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6425:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpStr)+strlen(relURL) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6425:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpStr)+strlen(relURL) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6451:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(absURL,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6455:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(absURL) + 1 > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6462:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(absURL,"/"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6470:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(tmpStr1 = tmpStr, i = strlen(absURL); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6508:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpStr)+strlen(relURL) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/group.c:6508:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpStr)+strlen(relURL) > FLEN_FILENAME-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:132:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p2 = ngp_alloc(strlen(extname) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:171:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p2 = ngp_alloc(strlen(extname) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:224:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = getc(fp); /* get next character */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:392:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( fits_strncasecmp("HIERARCH",p,strlen("HIERARCH")) == 0 ) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:531:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(envfiles, envar, NGP_MAX_ENVFILES - 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:536:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = (char *)ngp_alloc(strlen(fname) + strlen(p2) + 2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:536:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = (char *)ngp_alloc(strlen(fname) + strlen(p2) + 2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:541:15: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cp, "\\"); /* abs. pathname for MSDOS */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:544:15: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(cp, "/"); /* and for unix */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:564:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = ngp_alloc(strlen(fname) + strlen(ngp_master_dir) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:564:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = ngp_alloc(strlen(fname) + strlen(ngp_master_dir) + 1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:632:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (k = 0; k < strlen(ngp_curline.name); k++) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:712:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(ngp_linkey.comment, ngp_curline.comment, NGP_MAX_COMMENT); /* store comment */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:719:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ngp_linkey.name, ngp_curline.name, NGP_MAX_NAME); /* and keyword's name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:722:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(ngp_linkey.name) > FLEN_KEYWORD) /* WDP: 20-Jun-2002: mod to support HIERARCH */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:754:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(nm[j]); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:891:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { ngph->tok[ngph->tokcnt].value.s = (char *)ngp_alloc(1 + strlen(newtok->value.s)); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:990:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). default: l = strlen(ngp_linkey.name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:997:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((l - 1) == (int)strlen(incrementor_name)) && (0 == memcmp(incrementor_name, ngp_linkey.name, l - 1))) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1155:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(grnm, ngp_linkey.value.s, NGP_MAX_STRING); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1170:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). default: l = strlen(ngp_linkey.name); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1177:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (((l - 1) == (int)strlen(incrementor_name)) && (0 == memcmp(incrementor_name, ngp_linkey.name, l - 1))) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1270:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(ngp_template) - 1; i >= 0; i--) /* strlen is > 0, otherwise fopen failed */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/grparser.c:1310:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(grnm, ngp_linkey.value.s, NGP_MAX_STRING); } data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:155:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(colname[ii], ptr, slen); /* copy 1st column name */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:392:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:433:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:456:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:481:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(token) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:511:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:988:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "X"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:990:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "Y"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:992:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "Z"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:994:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "T"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1003:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(errmsg, colname[ii], FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1003:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii], FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1015:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1015:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1027:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1027:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1045:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1045:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1072:18: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1072:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1395:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(card,"_"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1412:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(card,"_"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1429:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(card,"_"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1446:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(card,"_"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1637:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "X"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1639:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "Y"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1641:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "Z"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1643:15: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(colname[ii], "T"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1652:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1652:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1667:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1667:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1679:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1679:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1714:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1714:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1754:18: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:1754:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(errmsg, colname[ii],FLEN_ERRMSG-strlen(errmsg)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/histo.c:2041:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(svalue,"_"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:5188:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat((infptr->Fptr)->zcmptype, value, 11); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8032:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(card, "ZNAXIS1", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8036:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "ZNAXIS2", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8040:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "ZPCOUNT", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8406:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(results[ii],tempstring, 29-strlen(results[ii])); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8406:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(results[ii],tempstring, 29-strlen(results[ii])); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8533:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(results[ii],tempstring,29-strlen(results[ii])); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8533:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(results[ii],tempstring,29-strlen(results[ii])); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8665:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
Risk is low because the source is a constant string. strncpy(card, "NAXIS1 ", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8669:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "NAXIS2 ", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/imcompress.c:8673:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(card, "PCOUNT ", 7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:576:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy (endline,"END", 3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:624:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fitsheader, endline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:711:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lstr = strlen (objname)) < 8) { data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:811:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fhead, fitsline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:823:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy (fhead, fitsline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:853:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fhead, fitsline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:864:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fhead, fitsline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:880:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fhead, endline, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:889:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (endline," ",3); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:891:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (fp, endline,80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:972:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:975:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (newpixname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:990:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:993:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (newpixname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1010:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy (newpixname, hdrname, SZ_IM2PIXFILE); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1011:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (newpixname); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1332:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value) > 29) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1374:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lval = strlen (value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1378:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, value, lstr-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1429:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (keyword,keyword0, sizeof(keyword)-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1454:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (line,vpos,80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1589:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lkey = strlen (keyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1684:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lkey = strlen (keyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1727:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ls1 = strlen (s1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1751:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ls2 = strlen (s2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1840:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (value, "T"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1842:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (value, "F"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1869:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lcval = strlen (cval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1875:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (&value[1],cval,lcval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1908:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lkeyword = strlen (keyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1909:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lval = strlen (value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1920:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v2, v1, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1923:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v1,keyword,7); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1930:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v1+9,value,lval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1949:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v2, ve, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1959:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (line, v1, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1975:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (newcom, c1+1, lcom); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1979:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lcom = strlen (newcom); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:1992:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v1, keyword, lkeyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2001:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (vp, value, lval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2009:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (vp, value, lval); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2020:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (vp, newcom, lcom); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2046:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lkeyword = strlen (keyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2055:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (v2, v1, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2060:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (v1, keyword, lkeyword); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2074:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (line, v1, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2088:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (c0, "/ ",2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2092:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lcom = strlen (comment); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/iraffits.c:2098:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (c1, comment, lcom); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:449:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:457:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:537:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(newcomm, "["); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:538:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newcomm, unit, 45); /* max allowed length is about 45 chars */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:540:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(newcomm); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:558:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newcomm, loc, len); /* concat remainder of comment */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:562:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newcomm, oldcomm, len); /* append old comment onto new */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:567:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(newcomm, oldcomm, len); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:591:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(valstring," "); /* create a dummy value string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:647:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(valstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:655:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(valstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:708:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(comm, incomm, FLEN_COMMENT-1); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:719:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remain = strlen(value); /* number of characters to write out */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:733:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpkeyname, keyname, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:743:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:762:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tstring, &value[next], nchar); /* copy string to temp buff */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:768:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(valstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:783:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&card[8], " ", 2); /* overwrite the '=' */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:990:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:992:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1000:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1000:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1006:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1035:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1037:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1045:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1045:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1051:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1080:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1082:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1090:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1090:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1096:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1125:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1127:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1135:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1135:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1141:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1167:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring," "); /* create a dummy value string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1217:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remain = strlen(value); /* number of characters to write out */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1232:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tmpkeyname, keyname, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1242:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1261:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tstring, &value[next], nchar); /* copy string to temp buff */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1267:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(valstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1282:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&card[8], " ", 2); /* overwrite the '=' */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1430:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1432:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1440:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1440:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1446:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1467:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1469:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1477:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1477:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1483:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1505:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1507:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1515:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1515:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1521:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1542:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1544:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstring)+3 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1552:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1552:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring) + strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1558:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1609:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buff2, card, 80); /* copy card to output buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1612:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buff2); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1704:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1712:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1764:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/modkey.c:1772:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:901:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(col->colname, colname,69); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:941:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(col->colname, colname,69); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcol.c:1721:19: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(col[jj].null.stringnull, nullstr, rept); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcols.c:68:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchar = maxvalue(1,strlen(array[0])); /* will write at least 1 char */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:167:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). leng = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:171:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cstring, snull, leng); /* copy null string to temp buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:408:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). leng = strlen(snull); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putcolu.c:412:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cstring, snull, leng); /* copy null string to temp buffer */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:150:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(template); /* get string length */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:156:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(keyname, card, 8); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:161:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newname, &card[40], 8); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:306:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tcard,card,80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:309:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tcard); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:358:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring," "); /* create a dummy value string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:414:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remain = maxvalue(strlen(value), 1); /* no. of chars to write (at least 1) */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:416:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commlen = strlen(comm); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:422:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(tstring, value, 68); /* copy 1st part of string to temp buff */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:432:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpkeyname, keyname, 80); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:442:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(cptr); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:459:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tstring, &value[next], nchar); /* copy string to temp buff */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:464:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(valstring); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:483:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(&card[8], " ", 2); /* overwrite the '=' */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:501:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tstring, &value[next], 68); /* copy next part of string */ data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:753:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant character. strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:755:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:755:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:763:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:763:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:769:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:794:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:796:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:796:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:804:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:804:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:810:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:835:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:837:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:837:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:845:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:845:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:851:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:876:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(valstring, "(" ); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:878:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:878:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+2 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:886:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:886:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(tmpstring)+1 > FLEN_VALUE-1) data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:892:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(valstring, ")"); data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:929:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(valstring)+strlen(cptr) > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:929:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valstring)+strlen(cptr) > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:957:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:963:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(card, &comm[ii], 72);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:986:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(history);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:992:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(card, &history[ii], 72);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1024:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(card, ")");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1188:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1394:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(datestr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1562:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1571:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1621:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1630:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1681:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1690:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1739:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1748:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1798:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1807:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1857:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1866:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1916:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1925:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1975:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(comm[0]);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:1984:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(tcomment, comm[0], len-1); /* don't copy the final '&' char */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2052:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tdimstr, "("); /* start constructing the TDIM value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2057:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat(tdimstr, ","); /* append the comma separator */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2067:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tdimstr)+strlen(value)+1 > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2067:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tdimstr)+strlen(value)+1 > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2100:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tdimstr, ")" ); /* append the closing parenthesis */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2152:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tdimstr, "("); /* start constructing the TDIM value */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2157:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tdimstr, ","); /* append the comma separator */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2170:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tdimstr)+strlen(value)+1 > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2170:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tdimstr)+strlen(value)+1 > FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2203:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tdimstr, ")" ); /* append the closing parenthesis */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2561:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tform[ii]) > 29)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2686:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tform[ii]) > 29)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2995:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cval,"T");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:2997:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
strcpy(cval,"F");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3027:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(instr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3153:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ( !strchr(cval, '.') && !strchr(cval,'E') && strlen(cval) < FLEN_VALUE-1 )
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3156:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cval, ".");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3261:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ( !strchr(cval, '.') && !strchr(cval,'E') && strlen(cval) < FLEN_VALUE-1)
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/putkey.c:3264:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cval, ".");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:109:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen = strlen(currLine);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:121:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineLen += strlen(currLine+lineLen);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/region.c:327:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineLen = strlen( namePtr ) - 1;
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/scalnull.c:226:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(colptr->strnull, nulstring, 19); /* limit string to 19 chars */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:379:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(type, &ctype[4], 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:664:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(type, &ctype[4], 4);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:847:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:852:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:858:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:869:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:870:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:879:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:880:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:887:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:889:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:896:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:898:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:905:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:907:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:914:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:916:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:923:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:925:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:932:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(valstring, "1");
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:934:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:945:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(cptr, blanks, 50); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:954:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:955:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:964:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:965:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:974:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:975:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:984:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:985:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:994:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:995:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1004:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1005:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1014:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1015:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1024:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1025:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1034:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cptr);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1035:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 80 - length); /* pad with blanks */
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/wcssub.c:1040:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(cptr, blanks, 77);
data/iraf-2.16.1+2018.11.01/vendor/cfitsio/zlib/zuncompress.c:143:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(ifname, filename, 127);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcompress.c:44:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votconcat.c:50:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcopy.c:90:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votcopy.c:168:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (&in_str[start]);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votdump.c:45:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:158:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:184:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (argv[i][0] == '+' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:391:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read (fd, buf, sz);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:723:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void) read (dfd, buf, 1024);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votget.c:762:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str) / 4;
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votinfo.c:151:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen((result ? result : ""));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/votinfo.c:156:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (result);
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/xx.c:42:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[i][0] == '-' && strlen (argv[i]) > 1) {
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:127:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen (cell)) > widths[j])
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:168:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "A");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:174:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "E");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:180:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "D");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:186:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "J");
data/iraf-2.16.1+2018.11.01/vendor/libvotable/examples/zz.c:341:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). type = strlen (tform) - 1;
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:73:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL));
data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:73:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:83:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:83:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:88:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:88:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy (attr->value, value, min (strlen (value), SZ_ATTRVAL)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:120:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = (char *) calloc (SZ_ATTRNAME, strlen(attr->value)+1); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:122:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (value, attr->value, strlen (attr->value)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:122:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy (value, attr->value, strlen (attr->value)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:158:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (out, " "); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votAttr.c:162:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (out, "\""); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:48:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name_str, name, (SZ_ATTRNAME - 1)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:124:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name_str, name, (SZ_ATTRNAME - 1)); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:189:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = (cur->content ? strlen (cur->content) : 0); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votExpatCB.c:205:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat (cur->content, ip, len); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:277:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (&arg[7]); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:286:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (arg); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:297:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (arg); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2466:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (value) + 1; data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2480:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat (cur->content, value, len); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2828:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen (cell)) > widths[j]) data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2880:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy (tform[i], "A"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2886:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "E"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2892:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "D"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2899:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "I"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2905:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "J"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:2911:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (tform[i], "J"); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3089:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
type = strlen (tform) - 1; data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3725:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (src->content); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse.c:3729:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new->content, src->content, len); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:702:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). spad ( strncpy (type, _val, *len), *len ); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1128:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). spad ( strncpy (value, _val, *maxch), *maxch); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1378:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). spad ( strncpy (value, _val, *maxch), *maxch); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1424:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int rlen = strlen (res); /* found a value */ data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1425:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (val, res, rlen); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1607:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (newstr, instr, len); data/iraf-2.16.1+2018.11.01/vendor/libvotable/votParse_f77.c:1630:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(outstr); i < len; i++) ANALYSIS SUMMARY: Hits = 6524 Lines analyzed = 355792 in approximately 13.24 seconds (26865 lines/second) Physical Source Lines of Code (SLOC) = 252925 Hits@level = [0] 1985 [1] 1670 [2] 3303 [3] 55 [4] 1460 [5] 36 Hits@level+ = [0+] 8509 [1+] 6524 [2+] 4854 [3+] 1551 [4+] 1496 [5+] 36 Hits/KSLOC@level+ = [0+] 33.6424 [1+] 25.7942 [2+] 19.1915 [3+] 6.13225 [4+] 5.9148 [5+] 0.142335 Symlinks skipped = 8 (--allowlink overrides but see doc for security issue) Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.