Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/king-probe-2.16.160404+git20200121.9b198c1/abin.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/abin.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/dots.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/dots.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/geom3d.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/geom3d.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/parse.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/parse.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/probe.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/probe.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/select.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/select.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.h Examining data/king-probe-2.16.160404+git20200121.9b198c1/utility.c Examining data/king-probe-2.16.160404+git20200121.9b198c1/utility.h FINAL RESULTS: data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:462:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg,"syntax: unknown identifier: %s", s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:743:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(SymTable[LastSymEntry].lexptr, s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:927:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%s\"%s\"", s, lexString(tokenval)); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:930:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%s%d", s, tokenval); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:933:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%s%g", s, realtokval); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:936:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%sNOT", s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:939:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%sWITHIN", s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:942:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%s(end of pattern)", s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:945:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatstring,"%s\'%c\'", s, lookahead); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:517:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "For more information see %s", electronicReference); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:834:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:908:23: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:989:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1048:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1119:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extrastr,"%s",groupLabel?groupLabel:"dots"); /*060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1180:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(dontQuote?" %s":" \"%s\""), argv[i]); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1896:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "%s flag instead of filename after -AUTObondrot", p); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1911:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "could not open -AUTOBONDROT file: %s", p); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1925:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "Please cite: %s", referenceString); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1927:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "For more information see %s", electronicReference); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1938:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "unrecognized flag, %s", p); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1971:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inputfilename,p); /*dcr041023*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1978:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "could not open file %d: %s", file, p); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1998:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inputfilename,p); /*dcr041023*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2005:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message, "could not open file %d: %s", file, p); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevChain, a->r->chain); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2344:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevChain, a->r->chain); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2602:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg, "atom %s will be treated as oxygen", a->atomname); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4823:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extraMstr," master={%s}",extrastr); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5078:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pointid, "%s%c%s%s%c%s %s%c%s%s%c%s GAP %6.3f", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5088:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pointid, "%s%c%s%s%c%s", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5096:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lastpointid, pointid); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5533:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sourceCurStart,"%s%4.4s%c%s %s%c",source->r->chain,source->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5542:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sourceCurEnd,"%s%4.4s%c%s %s%c",source->r->chain,source->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5569:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(minTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5579:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(jTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5584:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(minTarget,jTarget); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5616:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prevTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5621:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nextTarget,"%s%4.4s%c%s %s%c",target->r->chain,target->r->Hy36resno, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6652:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(message,"%s",inputfilename); data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char atomname[5]; data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Hy36resno[5]; /* Hybrid 36 residue number */ data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segid[5]; /* segment identifier */ data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resname[5]; /* residue name */ data/king-probe-2.16.160404+git20200121.9b198c1/abin.h:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[5]; /* peptide chain code */ data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:78:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resn[6]; data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:79:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[5] = " "; data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:81:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(resn, ":%-3.3s:", resname); data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:387:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warnstr[5]={'_','_','_','_','\0'}; /*dcr041007*/ data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:388:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warnresn[5]={'_','_','_','_','\0'}; /*rmi070719*/ data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char XFworkBuf[MAX_XF_REC_LEN + 1]; data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:143:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if2 = fopen(s+1, "r"); data/king-probe-2.16.160404+git20200121.9b198c1/autobondrot.c:943:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. n = sprintf(p, "%g ", xdb->level[i]->currVal); data/king-probe-2.16.160404+git20200121.9b198c1/hybrid_36_c.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lexbuf[LXBUFSZ+1] = {0}; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:28:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Lexemes[LEXSTRINGMAX] = {0}; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:144:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:151:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:461:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[200]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:565:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:616:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:619:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg,"expect match code: %d", t); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:192:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char inputfilename[256]; /*dcr041023 global, subroutines can report it*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:246:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:270:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "No atom data in input."); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:279:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "density: %g, probe radius: %g, maxBonded: %d", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:282:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "regular HB cutoff: %g, charged HB cutoff: %g", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:285:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:290:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "Add %g to VDW Rradius", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:295:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "Scale VDW Rradius by %g", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:299:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "C=O carbon VDW scaled by %.3f to a radius of %g A", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:303:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "Score Weights: gapWt=%g, bumpWt=%g, HBWt=%g", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:308:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "draw spike, len: %g", spikelen); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:315:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "CH..O type hbonds recognized (scale factor %g)", CHOHBfactor); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:394:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "specified src model==%d", modelSrc); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:402:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "specified targ model==%d", modelTarg); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:698:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extrastr[32]; /*060129 for extra master to control orig vs fitted dots*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1443:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, message[200]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1532:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "invalid scale factor: -scalevdw%g", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1541:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "invalid vdw offset: -addvdw%g", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1682:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1902:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf = fopen(p, "r"); /*p holds autobondrot input file name*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1968:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf = fopen(p, "r"); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:1995:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf = fopen(p, "r"); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2262:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prevChain[5]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2310:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prevChain[5]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:2574:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4776:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptm[2] = {' ','\0'}; /*20120120dcr ptmaster for bval*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4784:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mast[NODEWIDTH] = {"wide contact", "close contact", "weak H-bonds", "small overlap", "bad overlap", data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4788:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extraMstr[32]; /*fill below with extra master name 060129*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4789:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pointid[100], lastpointid[100]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4790:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptmast[7]={'\0','\0','\0','\0','\0','\0','\0'}; /*111020dcr 6 to 7 */ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4797:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gapnamestr[22] = data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:4805:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strcName[6]; /*first nendstr char of inputfilename 20120120dcr*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5270:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mast[NODEWIDTH] = {"WC", "CC", "WH", "SO", "BO", "WO", "HB"}; /* 04/15/2015 SJ changed to match new NODEWIDTH, see probe.h*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5334:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mast[NODEWIDTH] = {"wide contact", "close contact", "weak H-bonds", "small overlap", "bad overlap", "worse overlap", "H-bonds"}; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5418:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mast[NODEWIDTH] = {"wc","cc","wh","so","bo","wo","hb"}; /* 04/10/2015 SJ to changed to match new categories of weak H bonds and worse overlap (these lists are made only if LweakHbonds and LworseOverlap are true respectively). see NODEWIDTH probe.h*/ data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5521:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sourceCurStart[20],sourceCurEnd[20]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minTarget[20],jTarget[20],prevTarget[20],nextTarget[20]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:5670:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mast[NODEWIDTH] = {"wide_contact","close_contact","weak_H-bond","small_overlap","bad_overlap","worse_overlap","H-bond"}; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6282:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(newH->atomname, " H? "); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6548:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6658:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":CONTACT: WIDE : CLOSE : weak H-bonds : SMALL : BAD : WORSE : H-BOND :\n"); data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6660:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":MCMC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :" data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6664:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":SCSC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :" data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6668:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":MCSC :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :" data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6672:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":OTHER :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :" data/king-probe-2.16.160404+git20200121.9b198c1/probe.c:6676:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message,":SUM :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :%9ld :" data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char globPDBrec[PDBRECSIZE + 1]; data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:48:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linecard[5]; data/king-probe-2.16.160404+git20200121.9b198c1/select.c:677:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. default: { char msg[100]; data/king-probe-2.16.160404+git20200121.9b198c1/select.c:678:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "unknown pattern type: %d", pat->type); data/king-probe-2.16.160404+git20200121.9b198c1/stdconntable.c:2642:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char querystring[10], *p; data/king-probe-2.16.160404+git20200121.9b198c1/atomprops.c:405:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(atstr)==1) data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:730:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:815:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(lexString(pat->val))<3)?"*":"")); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:822:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(lexString(pat->val))<4)?"*":"")); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:826:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(lexString(pat->val))<4)?"*":"")); data/king-probe-2.16.160404+git20200121.9b198c1/parse.c:833:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(lexString(pat->val))<3)?"*":"")); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:56:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(inf); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:101:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(inf); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:120:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strncmp(line, "ATOM", 4) == 0) && (strlen(line) >= 47); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:128:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strncmp(line, "HETA", 4) == 0) && (strlen(line) >= 47); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:143:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strncmp(line, "TER", 3) == 0) && (strlen(line) >= 27); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:151:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strncmp(line, "MODEL", 5) == 0) && (strlen(line) >= 14); data/king-probe-2.16.160404+git20200121.9b198c1/readPDBrecs.c:255:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int reclen = strlen(line); data/king-probe-2.16.160404+git20200121.9b198c1/select.c:641:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case CHAIN_NODE: lp = strlen(lexString(pat->val)); data/king-probe-2.16.160404+git20200121.9b198c1/select.c:648:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case RTYPE_NODE: lp = strlen(lexString(pat->val)); data/king-probe-2.16.160404+git20200121.9b198c1/select.c:653:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case ANAME_NODE: lp = strlen(lexString(pat->val)); data/king-probe-2.16.160404+git20200121.9b198c1/select.c:656:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). case SEGID_NODE: lp = strlen(lexString(pat->val)); data/king-probe-2.16.160404+git20200121.9b198c1/utility.c:129:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max = strlen(arg); ANALYSIS SUMMARY: Hits = 131 Lines analyzed = 15037 in approximately 0.63 seconds (23946 lines/second) Physical Source Lines of Code (SLOC) = 11934 Hits@level = [0] 674 [1] 18 [2] 73 [3] 0 [4] 40 [5] 0 Hits@level+ = [0+] 805 [1+] 131 [2+] 113 [3+] 40 [4+] 40 [5+] 0 Hits/KSLOC@level+ = [0+] 67.4543 [1+] 10.977 [2+] 9.46874 [3+] 3.35177 [4+] 3.35177 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.