Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mrbayes-3.2.7a/src/bayes.c
Examining data/mrbayes-3.2.7a/src/bayes.h
Examining data/mrbayes-3.2.7a/src/best.c
Examining data/mrbayes-3.2.7a/src/best.h
Examining data/mrbayes-3.2.7a/src/command.c
Examining data/mrbayes-3.2.7a/src/command.h
Examining data/mrbayes-3.2.7a/src/likelihood.c
Examining data/mrbayes-3.2.7a/src/likelihood.h
Examining data/mrbayes-3.2.7a/src/mbbeagle.c
Examining data/mrbayes-3.2.7a/src/mbbeagle.h
Examining data/mrbayes-3.2.7a/src/mcmc.c
Examining data/mrbayes-3.2.7a/src/mcmc.h
Examining data/mrbayes-3.2.7a/src/model.c
Examining data/mrbayes-3.2.7a/src/model.h
Examining data/mrbayes-3.2.7a/src/proposal.c
Examining data/mrbayes-3.2.7a/src/proposal.h
Examining data/mrbayes-3.2.7a/src/sumpt.c
Examining data/mrbayes-3.2.7a/src/sumpt.h
Examining data/mrbayes-3.2.7a/src/utils.c
Examining data/mrbayes-3.2.7a/src/utils.h
FINAL RESULTS:
data/mrbayes-3.2.7a/src/bayes.c:359:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmdStr, "Execute %s", argv[nProcessedArgs]);
data/mrbayes-3.2.7a/src/bayes.c:566:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (manFileName, "commref_mb%sp.txt", VERSION_NUMBER); /* name of command reference file */
data/mrbayes-3.2.7a/src/bayes.c:568:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (manFileName, "commref_mb%s.txt", VERSION_NUMBER); /* name of command reference file */
data/mrbayes-3.2.7a/src/command.c:479:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((*list)[len], token);
data/mrbayes-3.2.7a/src/command.c:834:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, taxaNames[taxonCount]);
data/mrbayes-3.2.7a/src/command.c:1228:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nodeName, tkn);
data/mrbayes-3.2.7a/src/command.c:1237:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nodeName, tkn);
data/mrbayes-3.2.7a/src/command.c:1299:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(calibrationPtr->name, defaultCalibration.name);
data/mrbayes-3.2.7a/src/command.c:1305:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (calName, tempStr);
data/mrbayes-3.2.7a/src/command.c:1503:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (calName, s);
data/mrbayes-3.2.7a/src/command.c:1520:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(calibrationPtr->name, calName);
data/mrbayes-3.2.7a/src/command.c:1682:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:2524:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nodeCalibration[numDefinedConstraints].name, defaultCalibration.name);
data/mrbayes-3.2.7a/src/command.c:2601:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:3570:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldToken, token);
data/mrbayes-3.2.7a/src/command.c:3772:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token, oldToken);
data/mrbayes-3.2.7a/src/command.c:3824:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token, oldToken);
data/mrbayes-3.2.7a/src/command.c:3839:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (inputFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:4958:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (logFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:5007:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (title, VERSION_NUMBER);
data/mrbayes-3.2.7a/src/command.c:5110:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (manFileName, tkn);
data/mrbayes-3.2.7a/src/command.c:5210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5211:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5212:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5213:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5214:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (comptreeParams.comptOutfile, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5218:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName1, "%s.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5219:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName2, "%s.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5223:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName1, "%s.run1.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5224:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName2, "%s.run2.t", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5228:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (plotParams.plotFileName, "%s.p", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5230:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (plotParams.plotFileName, "%s.run1.p", inputFileName);
data/mrbayes-3.2.7a/src/command.c:5232:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (chainParams.chainFileName, inputFileName);
data/mrbayes-3.2.7a/src/command.c:5822:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:6595:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (workingDir, tkn);
data/mrbayes-3.2.7a/src/command.c:7112:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempStr, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7441:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:7740:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempSetName, tkn);
data/mrbayes-3.2.7a/src/command.c:7910:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7928:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, constraintNames[j]);
data/mrbayes-3.2.7a/src/command.c:7966:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:8044:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (token, transFrom[i]);
data/mrbayes-3.2.7a/src/command.c:8414:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, transFrom[index]);
data/mrbayes-3.2.7a/src/command.c:8431:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pp->label, tempName);
data/mrbayes-3.2.7a/src/command.c:8453:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pp->label, tkn);
data/mrbayes-3.2.7a/src/command.c:8739:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, transFrom[index]);
data/mrbayes-3.2.7a/src/command.c:8756:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pp->label, tempName);
data/mrbayes-3.2.7a/src/command.c:8803:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pp->label, taxaNames[index]);
data/mrbayes-3.2.7a/src/command.c:8828:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t->eSetName[t->nESets-1],tempNameString);
data/mrbayes-3.2.7a/src/command.c:8833:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t->bSetName[t->nBSets-1],tempNameString);
data/mrbayes-3.2.7a/src/command.c:8838:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->popSizeSetName,tempNameString);
data/mrbayes-3.2.7a/src/command.c:9039:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dupstring, command);
data/mrbayes-3.2.7a/src/command.c:13543:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (validArg, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:432:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(printString, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:2465:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inputFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:3557:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3565:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (chainParams.chainFileName, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3733:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chainParams.startTree, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:3783:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chainParams.startParams, tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:10487:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10495:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.mcmc", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10505:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10507:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10517:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10519:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:10521:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10523:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10555:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.mcmc", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10568:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10570:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10581:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10583:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:10585:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10587:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:10600:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.ss", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10610:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.ckp", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10611:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bkupName, fileName);
data/mrbayes-3.2.7a/src/mcmc.c:10622:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:10624:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:11237:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ckpFileName, "%s.ckp", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:11238:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bkupFileName, ckpFileName);
data/mrbayes-3.2.7a/src/mcmc.c:11240:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (oldBkupFileName, bkupFileName);
data/mrbayes-3.2.7a/src/mcmc.c:14965:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree->name, GetTreeFromIndex(j, i, 0)->name);
data/mrbayes-3.2.7a/src/mcmc.c:14967:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree->name, GetTreeFromIndex(j, i, 0)->name);
data/mrbayes-3.2.7a/src/mcmc.c:15445:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15451:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.p", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15453:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.p", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15461:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.t", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15463:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.t", localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:15465:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.t", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15467:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.tree%d.run%d.t", localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15477:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.mcmc", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15487:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15489:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15918:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (localFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15924:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.p", workingDir, localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15926:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.run%d.p", workingDir, localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15927:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15944:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.t", workingDir, localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15946:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.tree%d.t", workingDir, localFileName, i+1);
data/mrbayes-3.2.7a/src/mcmc.c:15948:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.run%d.t", workingDir, localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15950:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.tree%d.run%d.t", workingDir, localFileName, i+1, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:15951:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15969:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.ss", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15970:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:15987:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s%s.mcmc", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:15988:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bkupName,fileName);
data/mrbayes-3.2.7a/src/mcmc.c:16008:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.dump", localFileName);
data/mrbayes-3.2.7a/src/mcmc.c:16010:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName, "%s.run%d.dump", localFileName, n+1);
data/mrbayes-3.2.7a/src/mcmc.c:17361:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ckpFileName, "%s%s.ckp", workingDir, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17362:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (bkupFileName,"%s.ss%d", ckpFileName,chainParams.numStepsSS-stepIndexSS);
data/mrbayes-3.2.7a/src/mcmc.c:17368:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (bkupFileName, ckpFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17730:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf (*target, *targetLen, fmt, argp);
data/mrbayes-3.2.7a/src/mcmc.c:17921:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17922:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtOutfile, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17923:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpFileName, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17924:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpOutfile, chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17927:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName1, "%s.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17928:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName2, "%s.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17929:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (plotParams.plotFileName, "%s.p", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17934:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName1, "%s.run1.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17935:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (comptreeParams.comptFileName2, "%s.run2.t", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/mcmc.c:17936:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (plotParams.plotFileName, "%s.run1.p", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/model.c:568:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp->name, "%s(%s%s)", moveType->shortName, moveType->paramName, partitionDescriptor);
data/mrbayes-3.2.7a/src/model.c:571:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp->name, "%s(%s", moveType->shortName, param->name);
data/mrbayes-3.2.7a/src/model.c:577:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp->name,param->subParams[i]->name);
data/mrbayes-3.2.7a/src/model.c:3118:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].nucModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3165:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].nst, tempStr);
data/mrbayes-3.2.7a/src/model.c:3557:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].omegaVar, tempStr);
data/mrbayes-3.2.7a/src/model.c:3589:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].geneticCode, tempStr);
data/mrbayes-3.2.7a/src/model.c:3623:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ploidy, tempStr);
data/mrbayes-3.2.7a/src/model.c:3665:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ratesModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3698:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].covarionModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:3880:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, headerNames[n]);
data/mrbayes-3.2.7a/src/model.c:3968:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (plotParams.plotFileName, tkn);
data/mrbayes-3.2.7a/src/model.c:4057:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (plotParams.parameter, tkn);
data/mrbayes-3.2.7a/src/model.c:4071:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (plotParams.match, tempStr);
data/mrbayes-3.2.7a/src/model.c:4572:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].tRatioPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4679:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].revMatPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4712:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempStr,modelParams[i].revMatPr);
data/mrbayes-3.2.7a/src/model.c:4815:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].aaRevMatPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:4847:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempStr,modelParams[i].aaRevMatPr);
data/mrbayes-3.2.7a/src/model.c:5084:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].omegaPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5191:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ny98omega1pr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5281:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ny98omega3pr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5381:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].m3omegapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5478:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].codonCatFreqPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5575:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].shapePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5695:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].pInvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5795:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].adGammaCorPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:5911:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].brownCorPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6029:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ratePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6158:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].generatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6285:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].covSwitchPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6396:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].symPiPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6534:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].stateFreqPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6735:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].topologyPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:6750:41: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].brlensPr, defaultModel.brlensPr);
data/mrbayes-3.2.7a/src/model.c:6966:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].nodeAgePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7002:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].clockVarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7037:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (colonPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7041:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].brlensPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7398:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].speciationPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7496:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].extinctionPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7579:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].fossilizationPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:7666:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].sampleStrat, tempStr);
data/mrbayes-3.2.7a/src/model.c:7901:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].treeAgePr.name, tempStr);
data/mrbayes-3.2.7a/src/model.c:7987:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(modelParams[i].treeAgePr.name, tempStr);
data/mrbayes-3.2.7a/src/model.c:8118:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].clockRatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8276:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].popSizePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8445:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].popVarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8477:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].cppRatePr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8552:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].cppMultDevPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8617:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].tk02varPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8712:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].igrvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8807:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].mixedvarPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:8906:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].growthPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9037:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].aaModelPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9108:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].aaModel, tempStr);
data/mrbayes-3.2.7a/src/model.c:9273:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].brownScalesPr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9388:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].m10betapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9493:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].m10gammapr, tempStr);
data/mrbayes-3.2.7a/src/model.c:9766:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].tratioFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9801:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].revmatFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9836:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].ratemultFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9867:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].treeFormat, tempStr);
data/mrbayes-3.2.7a/src/model.c:9898:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelParams[i].inferAncStates,tempStr);
data/mrbayes-3.2.7a/src/model.c:9940:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modelParams[i].inferSiteRates, tempStr);
data/mrbayes-3.2.7a/src/model.c:9982:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modelParams[i].inferPosSel, tempStr);
data/mrbayes-3.2.7a/src/model.c:10024:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modelParams[i].inferSiteOmegas, tempStr);
data/mrbayes-3.2.7a/src/model.c:12856:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (localName, treeName);
data/mrbayes-3.2.7a/src/model.c:12863:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, userTree[i]->name);
data/mrbayes-3.2.7a/src/model.c:12876:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, userTree[i]->name);
data/mrbayes-3.2.7a/src/model.c:15411:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempName, localTaxonNames[i]);
data/mrbayes-3.2.7a/src/model.c:18795:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "pi(%s)", tempCodon);
data/mrbayes-3.2.7a/src/model.c:18801:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "\tpi(%s)", tempCodon);
data/mrbayes-3.2.7a/src/model.c:20441:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (modelParams[j].ratemultFormat, modelParams[i].ratemultFormat);
data/mrbayes-3.2.7a/src/sumpt.c:235:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:237:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:276:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:278:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:581:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:583:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:622:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.p", sumpParams.sumpFileName);
data/mrbayes-3.2.7a/src/sumpt.c:624:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s.run%d.p", sumpParams.sumpFileName, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:1108:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1109:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpFileName, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1110:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1133:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1134:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1359:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1360:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpFileName, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1361:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumpParams.sumpOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:1778:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(headerLine, s);
data/mrbayes-3.2.7a/src/sumpt.c:1984:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:2046:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:2252:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s[%s]", headerNames[i], modelElementNames[j][elem[j1].index]);
data/mrbayes-3.2.7a/src/sumpt.c:2258:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "%s[%s]", headerNames[i], modelElementNames[j][elem[j1].index]);
data/mrbayes-3.2.7a/src/sumpt.c:3239:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->nodes[i].label, sumtParams.taxaNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:3799:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sumtParams.curFileName, comptreeParams.comptFileName1);
data/mrbayes-3.2.7a/src/sumpt.c:3858:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.curFileName, comptreeParams.comptFileName2);
data/mrbayes-3.2.7a/src/sumpt.c:4427:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (comptreeParams.comptFileName1, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4444:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (comptreeParams.comptFileName2, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4461:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (comptreeParams.comptOutfile, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:4610:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (inRefName, "%s.t", comptreeParams.comptFileName2);
data/mrbayes-3.2.7a/src/sumpt.c:4612:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (inRefName, "%s.run%d.t", comptreeParams.comptFileName2, n+1);
data/mrbayes-3.2.7a/src/sumpt.c:4684:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (outName, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:4697:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inName, comptreeParams.comptFileName1);
data/mrbayes-3.2.7a/src/sumpt.c:4929:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fileName,"%s.tree%d", sumtParams.sumtFileName, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:4931:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fileName, sumtParams.sumtFileName);
data/mrbayes-3.2.7a/src/sumpt.c:4956:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tempName, "%s.t", fileName);
data/mrbayes-3.2.7a/src/sumpt.c:4958:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tempName, "%s.run%d.t", fileName, sumtParams.runId+1);
data/mrbayes-3.2.7a/src/sumpt.c:4959:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sumtParams.curFileName, tempName);
data/mrbayes-3.2.7a/src/sumpt.c:5056:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tempName, "%s.ratemult", chainParams.chainFileName);
data/mrbayes-3.2.7a/src/sumpt.c:5581:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5600:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5619:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5725:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( divString, treeName+4);
data/mrbayes-3.2.7a/src/sumpt.c:5871:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtFileName, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:5872:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sumtParams.sumtOutfile, tkn);
data/mrbayes-3.2.7a/src/sumpt.c:6008:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtConType, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6211:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (tkn, "%s", tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6212:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sumtParams.sumtOutfile, tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:6529:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sumtParams.popSizeSetName, t->popSizeSetName);
data/mrbayes-3.2.7a/src/sumpt.c:6703:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (treeName, sumtToken);
data/mrbayes-3.2.7a/src/sumpt.c:6708:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (treeName, sumtToken);
data/mrbayes-3.2.7a/src/sumpt.c:7012:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pFilename, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7013:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dFilename, comptreeParams.comptOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7097:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pFilename, "%s.tree%d.parts", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7098:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sFilename, "%s.tree%d.tstat", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7099:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (vFilename, "%s.tree%d.vstat", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7100:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cFilename, "%s.tree%d.con.tre", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7101:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tFilename, "%s.tree%d.trprobs", sumtParams.sumtOutfile, i+1);
data/mrbayes-3.2.7a/src/sumpt.c:7105:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pFilename, "%s.parts", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7106:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sFilename, "%s.tstat", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7107:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (vFilename, "%s.vstat", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7108:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cFilename, "%s.con.tre", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7109:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tFilename, "%s.trprobs", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7161:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pFilename, "%s.tree%d.parts", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7162:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sFilename, "%s.tree%d.tstat", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7163:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (vFilename, "%s.tree%d.vstat", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7164:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cFilename, "%s.tree%d.con.tre", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7165:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tFilename, "%s.tree%d.trprobs", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7169:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (pFilename, "%s.parts", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7170:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (sFilename, "%s.tstat", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7171:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (vFilename, "%s.vstat", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7172:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cFilename, "%s.con.tre", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7173:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tFilename, "%s.trprobs", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7259:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filename, "%s.tree%d.brparams", sumtParams.sumtOutfile, treeNo+1);
data/mrbayes-3.2.7a/src/sumpt.c:7261:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filename, "%s.brparams", sumtParams.sumtOutfile);
data/mrbayes-3.2.7a/src/sumpt.c:7670:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempStr, taxaNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:7710:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tempStr, taxaNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:7909:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (printLine+to+2,"%s", label);
data/mrbayes-3.2.7a/src/sumpt.c:8173:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (printLine+treeWidth+1,"%s", label);
data/mrbayes-3.2.7a/src/utils.c:1152:13: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1163:17: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (logFileFp, format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1175:13: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1189:17: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (logFileFp, format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1207:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1213:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, ptr);
data/mrbayes-3.2.7a/src/utils.c:1289:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:1307:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:1325:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:1342:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:1360:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:1606:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (*target, source);
data/mrbayes-3.2.7a/src/utils.c:1623:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (*target, source);
data/mrbayes-3.2.7a/src/utils.c:1747:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workingDir);
data/mrbayes-3.2.7a/src/utils.c:2373:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pp->label, localTaxonNames[pp->index]);
data/mrbayes-3.2.7a/src/utils.c:2922:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p->label, q->label);
data/mrbayes-3.2.7a/src/utils.c:3065:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (to->name, from->name);
data/mrbayes-3.2.7a/src/utils.c:3087:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (to->bSetName[i], from->bSetName[i]);
data/mrbayes-3.2.7a/src/utils.c:3095:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (to->eSetName[i], from->eSetName[i]);
data/mrbayes-3.2.7a/src/utils.c:3121:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (to->popSizeSetName, from->popSizeSetName);
data/mrbayes-3.2.7a/src/utils.c:3418:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (to->name, from->name);
data/mrbayes-3.2.7a/src/utils.c:5694:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qa->label, q->label);
data/mrbayes-3.2.7a/src/utils.c:7435:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (labelLine, p->label);
data/mrbayes-3.2.7a/src/utils.c:7536:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (labelLine, t->root->label);
data/mrbayes-3.2.7a/src/bayes.c:236:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hiIv")) != -1) {
data/mrbayes-3.2.7a/src/bayes.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workingDir[100]; /* working directory */
data/mrbayes-3.2.7a/src/bayes.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poltmp[256];
data/mrbayes-3.2.7a/src/bayes.c:145:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(poltmp, "\nlastError = %d", lastError);
data/mrbayes-3.2.7a/src/bayes.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdStr[CMD_STRING_LENGTH];
data/mrbayes-3.2.7a/src/bayes.c:387:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cmdStr,"quit;\n");
data/mrbayes-3.2.7a/src/bayes.c:416:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (cmdStr,"quit;\n");
data/mrbayes-3.2.7a/src/bayes.c:574:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(logFileName, "log.out"); /* name of the log file */
data/mrbayes-3.2.7a/src/bayes.c:665:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.codingString, "All"); /* ascertainment bias string */
data/mrbayes-3.2.7a/src/bayes.c:666:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.nucModel, "4by4"); /* nucleotide model */
data/mrbayes-3.2.7a/src/bayes.c:668:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.aaModelPr, "Fixed"); /* amino acid model prior */
data/mrbayes-3.2.7a/src/bayes.c:671:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.aaModel, "Poisson"); /* amino acid model */
data/mrbayes-3.2.7a/src/bayes.c:672:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.parsModel, "No"); /* do not use parsimony model */
data/mrbayes-3.2.7a/src/bayes.c:673:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.geneticCode, "Universal"); /* genetic code */
data/mrbayes-3.2.7a/src/bayes.c:674:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ploidy, "Diploid"); /* ploidy level */
data/mrbayes-3.2.7a/src/bayes.c:675:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.omegaVar, "Equal"); /* omega variation */
data/mrbayes-3.2.7a/src/bayes.c:676:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ratesModel, "Equal"); /* rates across sites model */
data/mrbayes-3.2.7a/src/bayes.c:680:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.useGibbs,"No"); /* do not use Gibbs sampling of rate cats by default */
data/mrbayes-3.2.7a/src/bayes.c:683:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.covarionModel, "No"); /* use covarion model? (yes/no) */
data/mrbayes-3.2.7a/src/bayes.c:684:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.augmentData, "No"); /* should data be augmented */
data/mrbayes-3.2.7a/src/bayes.c:685:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.tRatioPr, "Beta"); /* prior for ti/tv rate ratio */
data/mrbayes-3.2.7a/src/bayes.c:689:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.revMatPr, "Dirichlet"); /* prior for GTR model (nucleotides) */
data/mrbayes-3.2.7a/src/bayes.c:696:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (defaultModel.aaRevMatPr, "Dirichlet"); /* prior for GTR model (proteins) */
data/mrbayes-3.2.7a/src/bayes.c:702:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.omegaPr, "Dirichlet"); /* prior for omega */
data/mrbayes-3.2.7a/src/bayes.c:706:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ny98omega1pr, "Beta"); /* prior for class 1 omega (Ny98 model) */
data/mrbayes-3.2.7a/src/bayes.c:710:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ny98omega3pr, "Exponential"); /* prior for class 3 omega (Ny98 model) */
data/mrbayes-3.2.7a/src/bayes.c:715:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.m3omegapr, "Exponential"); /* prior for all three omegas (M3 model) */
data/mrbayes-3.2.7a/src/bayes.c:719:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.m10betapr, "Uniform"); /* prior for omega variation (M10 model) */
data/mrbayes-3.2.7a/src/bayes.c:720:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.m10gammapr, "Uniform");
data/mrbayes-3.2.7a/src/bayes.c:733:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.codonCatFreqPr, "Dirichlet"); /* prior for selection cat frequencies */
data/mrbayes-3.2.7a/src/bayes.c:740:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.stateFreqPr, "Dirichlet"); /* prior for character state frequencies */
data/mrbayes-3.2.7a/src/bayes.c:741:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.stateFreqsFixType, "Equal");
data/mrbayes-3.2.7a/src/bayes.c:748:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.shapePr, "Exponential"); /* prior for gamma/lnorm shape parameter */
data/mrbayes-3.2.7a/src/bayes.c:753:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.pInvarPr, "Uniform"); /* prior for proportion of invariable sites */
data/mrbayes-3.2.7a/src/bayes.c:757:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.adGammaCorPr, "Uniform"); /* prior for correlation param of adGamma model */
data/mrbayes-3.2.7a/src/bayes.c:761:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.covSwitchPr, "Uniform"); /* prior for switching rates of covarion model */
data/mrbayes-3.2.7a/src/bayes.c:767:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.symPiPr, "Fixed"); /* prior for pi when unidentifiable states used */
data/mrbayes-3.2.7a/src/bayes.c:772:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.brownCorPr, "Fixed"); /* prior on correlation of brownian model */
data/mrbayes-3.2.7a/src/bayes.c:776:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.brownScalesPr, "Gammamean"); /* prior on scales of brownian model */
data/mrbayes-3.2.7a/src/bayes.c:783:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.topologyPr, "Uniform"); /* prior for tree topology */
data/mrbayes-3.2.7a/src/bayes.c:786:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.brlensPr, "Unconstrained"); /* prior on branch lengths */
data/mrbayes-3.2.7a/src/bayes.c:800:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.unconstrainedPr, "GammaDir"); /* prior on branches if unconstrained */
data/mrbayes-3.2.7a/src/bayes.c:801:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.clockPr, "Uniform"); /* prior on branch lengths if clock enforced */
data/mrbayes-3.2.7a/src/bayes.c:803:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.treeAgePr.name, "Gamma(1.00,1.00)");
data/mrbayes-3.2.7a/src/bayes.c:811:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.clockRatePr, "Fixed"); /* prior on base subst. rate for clock trees */
data/mrbayes-3.2.7a/src/bayes.c:820:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.speciationPr, "Exponential"); /* prior on speciation rate (net diversification) */
data/mrbayes-3.2.7a/src/bayes.c:825:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.extinctionPr, "Beta"); /* prior on extinction rate (turnover) */
data/mrbayes-3.2.7a/src/bayes.c:829:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.fossilizationPr, "Beta"); /* prior on fossilization rate (sampling proportion) */
data/mrbayes-3.2.7a/src/bayes.c:833:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.sampleStrat, "Random"); /* taxon sampling strategy */
data/mrbayes-3.2.7a/src/bayes.c:839:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.popSizePr, "Gamma"); /* prior on coalescence population size */
data/mrbayes-3.2.7a/src/bayes.c:849:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.popVarPr, "Equal"); /* prior on pop. size variation across tree */
data/mrbayes-3.2.7a/src/bayes.c:850:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.growthPr, "Fixed"); /* prior on coalescence growth rate prior */
data/mrbayes-3.2.7a/src/bayes.c:857:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.nodeAgePr, "Unconstrained"); /* prior on node depths */
data/mrbayes-3.2.7a/src/bayes.c:858:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.clockVarPr, "Strict"); /* prior on clock rate variation */
data/mrbayes-3.2.7a/src/bayes.c:859:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.cppRatePr, "Exponential") ; /* prior on rate of CPP for relaxed clock */
data/mrbayes-3.2.7a/src/bayes.c:862:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.cppMultDevPr, "Fixed"); /* prior on standard dev. of lognormal of rate multipliers of CPP rel clock */
data/mrbayes-3.2.7a/src/bayes.c:864:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.tk02varPr, "Exponential"); /* prior on nu parameter for BM rel clock */
data/mrbayes-3.2.7a/src/bayes.c:869:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.igrvarPr, "Exponential"); /* prior on variance increase parameter for IGR rel clock */
data/mrbayes-3.2.7a/src/bayes.c:874:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.mixedvarPr, "Exponential"); /* prior on var parameter for mixed rel clock */
data/mrbayes-3.2.7a/src/bayes.c:879:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ratePr, "Fixed"); /* prior on rate for a partition */
data/mrbayes-3.2.7a/src/bayes.c:881:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.generatePr, "Fixed"); /* prior on rate for a gene (multispecies coalescent) */
data/mrbayes-3.2.7a/src/bayes.c:887:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.tratioFormat, "Ratio"); /* default format for tratio */
data/mrbayes-3.2.7a/src/bayes.c:888:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.revmatFormat, "Dirichlet"); /* default format for revmat */
data/mrbayes-3.2.7a/src/bayes.c:889:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.ratemultFormat, "Scaled"); /* default format for ratemult */
data/mrbayes-3.2.7a/src/bayes.c:890:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.treeFormat, "Brlens"); /* default format for trees */
data/mrbayes-3.2.7a/src/bayes.c:891:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.inferAncStates, "No"); /* do not infer ancestral states */
data/mrbayes-3.2.7a/src/bayes.c:892:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.inferPosSel, "No"); /* do not infer positive selection */
data/mrbayes-3.2.7a/src/bayes.c:893:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.inferSiteOmegas, "No"); /* do not infer site omega vals */
data/mrbayes-3.2.7a/src/bayes.c:894:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defaultModel.inferSiteRates, "No"); /* do not infer site rates */
data/mrbayes-3.2.7a/src/bayes.c:1005:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chainParams.chainFileName, "temp"); /* chain file name for output */
data/mrbayes-3.2.7a/src/bayes.c:1008:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chainParams.startTree, "Current"); /* starting tree for chain (random/current) */
data/mrbayes-3.2.7a/src/bayes.c:1009:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chainParams.startParams, "Current"); /* starting params for chain (reset/current) */
data/mrbayes-3.2.7a/src/bayes.c:1038:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sumtParams.sumtFileName, "temp"); /* input name for sumt command */
data/mrbayes-3.2.7a/src/bayes.c:1039:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sumtParams.sumtConType, "Halfcompat"); /* type of consensus tree output */
data/mrbayes-3.2.7a/src/bayes.c:1050:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (sumtParams.sumtOutfile, "temp"); /* output name for sumt command */
data/mrbayes-3.2.7a/src/bayes.c:1056:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sumpParams.sumpFileName, "temp"); /* input name for sump command */
data/mrbayes-3.2.7a/src/bayes.c:1057:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (sumpParams.sumpOutfile, "temp"); /* output name for sump command */
data/mrbayes-3.2.7a/src/bayes.c:1071:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comptreeParams.comptFileName1, "temp.t"); /* input name for comparetree command */
data/mrbayes-3.2.7a/src/bayes.c:1072:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comptreeParams.comptFileName2, "temp.t"); /* input name for comparetree command */
data/mrbayes-3.2.7a/src/bayes.c:1073:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comptreeParams.comptOutfile, "temp.comp");/* output name for comparetree command */
data/mrbayes-3.2.7a/src/bayes.c:1077:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plotParams.plotFileName, "temp.p"); /* input name for plot command */
data/mrbayes-3.2.7a/src/bayes.c:1078:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plotParams.parameter, "lnL"); /* plotted parameter plot command */
data/mrbayes-3.2.7a/src/bayes.c:1079:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(plotParams.match, "Perfect"); /* matching for plot command */
data/mrbayes-3.2.7a/src/bayes.h:538:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/mrbayes-3.2.7a/src/bayes.h:595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100]; /*!< name of tree */
data/mrbayes-3.2.7a/src/bayes.h:625:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[100]; /*!< name of node if terminal */
data/mrbayes-3.2.7a/src/bayes.h:646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100]; /*!< name of tree */
data/mrbayes-3.2.7a/src/bayes.h:898:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tuningName[5]; /* name of tuning params */
data/mrbayes-3.2.7a/src/bayes.h:899:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shortTuningName[5];/* short name of tuning params */
data/mrbayes-3.2.7a/src/bayes.h:979:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nucModel[100]; /* nucleotide model used */
data/mrbayes-3.2.7a/src/bayes.h:980:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nst[100]; /* number of substitution types */
data/mrbayes-3.2.7a/src/bayes.h:981:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parsModel[100]; /* use the (so-called) parsimony model */
data/mrbayes-3.2.7a/src/bayes.h:982:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geneticCode[100]; /* genetic code used */
data/mrbayes-3.2.7a/src/bayes.h:984:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codingString[100]; /* string describing type of patterns encoded */
data/mrbayes-3.2.7a/src/bayes.h:985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ploidy[100]; /* ploidy level */
data/mrbayes-3.2.7a/src/bayes.h:986:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char omegaVar[100]; /* type of omega variation model */
data/mrbayes-3.2.7a/src/bayes.h:987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ratesModel[100]; /* rates across sites model */
data/mrbayes-3.2.7a/src/bayes.h:991:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char useGibbs[100]; /* flags whether Gibbs sampling of discrete gamma is used */
data/mrbayes-3.2.7a/src/bayes.h:997:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char covarionModel[100];/* use covarion model? (yes/no) */
data/mrbayes-3.2.7a/src/bayes.h:998:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char augmentData[100]; /* should data be augmented */
data/mrbayes-3.2.7a/src/bayes.h:1000:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tRatioPr[100]; /* prior for ti/tv rate ratio */
data/mrbayes-3.2.7a/src/bayes.h:1003:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char revMatPr[100]; /* prior for GTR model */
data/mrbayes-3.2.7a/src/bayes.h:1007:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaModelPr[100]; /* prior for amino acid model */
data/mrbayes-3.2.7a/src/bayes.h:1008:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaModel[100];
data/mrbayes-3.2.7a/src/bayes.h:1010:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaRevMatPr[100]; /* prior for aa GTR model */
data/mrbayes-3.2.7a/src/bayes.h:1013:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char omegaPr[100]; /* prior for omega */
data/mrbayes-3.2.7a/src/bayes.h:1016:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ny98omega1pr[100]; /* prior for class 1 omega (Ny98 model) */
data/mrbayes-3.2.7a/src/bayes.h:1019:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ny98omega3pr[100]; /* prior for class 3 omega (Ny98 model) */
data/mrbayes-3.2.7a/src/bayes.h:1023:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m3omegapr[100]; /* prior for all three omegas (M3 model) */
data/mrbayes-3.2.7a/src/bayes.h:1025:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m10betapr[100]; /* prior for omega variation (M10 model) */
data/mrbayes-3.2.7a/src/bayes.h:1026:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m10gammapr[100];
data/mrbayes-3.2.7a/src/bayes.h:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codonCatFreqPr[100]; /* prior for selection cat frequencies */
data/mrbayes-3.2.7a/src/bayes.h:1036:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stateFreqPr[100]; /* prior for character state frequencies */
data/mrbayes-3.2.7a/src/bayes.h:1039:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stateFreqsFixType[100];
data/mrbayes-3.2.7a/src/bayes.h:1041:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shapePr[100]; /* prior for gamma/lnorm shape parameter */
data/mrbayes-3.2.7a/src/bayes.h:1045:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pInvarPr[100]; /* prior for proportion of invariable sites */
data/mrbayes-3.2.7a/src/bayes.h:1048:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adGammaCorPr[100]; /* prior for correlation param of adGamma model */
data/mrbayes-3.2.7a/src/bayes.h:1051:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char covSwitchPr[100]; /* prior for switching rates of covarion model */
data/mrbayes-3.2.7a/src/bayes.h:1055:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symPiPr[100]; /* prior for pi when unidentifiable states used */
data/mrbayes-3.2.7a/src/bayes.h:1059:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ratePr[100]; /* prior on rate for a partition */
data/mrbayes-3.2.7a/src/bayes.h:1061:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char generatePr[100]; /* prior on rate for a gene (one or more partitions) */
data/mrbayes-3.2.7a/src/bayes.h:1063:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brownCorPr[100]; /* prior for correlation of Brownian model */
data/mrbayes-3.2.7a/src/bayes.h:1066:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brownScalesPr[100]; /* prior for scales of Brownian model */
data/mrbayes-3.2.7a/src/bayes.h:1072:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topologyPr[100]; /* prior for tree topology */
data/mrbayes-3.2.7a/src/bayes.h:1077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brlensPr[100]; /* prior on branch lengths */
data/mrbayes-3.2.7a/src/bayes.h:1084:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speciesTreeBrlensPr[100]; /* prior on branch lengths of species tree */
data/mrbayes-3.2.7a/src/bayes.h:1085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unconstrainedPr[100]; /* prior on branch lengths if unconstrained */
data/mrbayes-3.2.7a/src/bayes.h:1086:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clockPr[100]; /* prior on branch if clock enforced */
data/mrbayes-3.2.7a/src/bayes.h:1087:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clockVarPr[100]; /* prior on clock rate variation (strict, cpp, tk02, igr, ...) */
data/mrbayes-3.2.7a/src/bayes.h:1088:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nodeAgePr[100]; /* prior on node depths (unconstrained, constraints) */
data/mrbayes-3.2.7a/src/bayes.h:1089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speciationPr[100]; /* prior on speciation rate (net diversification) */
data/mrbayes-3.2.7a/src/bayes.h:1093:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extinctionPr[100]; /* prior on relative extinction rate (turnover) */
data/mrbayes-3.2.7a/src/bayes.h:1096:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fossilizationPr[100]; /* prior on fossilization rate (sampling proportion) */
data/mrbayes-3.2.7a/src/bayes.h:1099:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sampleStrat[100]; /* taxon sampling strategy (for b-d process) */
data/mrbayes-3.2.7a/src/bayes.h:1109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clockRatePr[100]; /* prior on base substitution rate of tree for clock trees */
data/mrbayes-3.2.7a/src/bayes.h:1115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char popSizePr[100]; /* prior on population size */
data/mrbayes-3.2.7a/src/bayes.h:1121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char popVarPr[100]; /* prior on pop. size variation across tree */
data/mrbayes-3.2.7a/src/bayes.h:1122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char growthPr[100]; /* prior on coalescence growth rate */
data/mrbayes-3.2.7a/src/bayes.h:1127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cppRatePr[100]; /* prior on CPP rate */
data/mrbayes-3.2.7a/src/bayes.h:1130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cppMultDevPr[100]; /* prior on CPP rate multiplier Lognormal variance */
data/mrbayes-3.2.7a/src/bayes.h:1132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tk02varPr[100]; /* prior on TK02 lognormal rate variance */
data/mrbayes-3.2.7a/src/bayes.h:1136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char igrvarPr[100]; /* prior on IGR gamma distribution variance */
data/mrbayes-3.2.7a/src/bayes.h:1140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mixedvarPr[100]; /* prior on mixed relaxed clock rate variance */
data/mrbayes-3.2.7a/src/bayes.h:1145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tratioFormat[30]; /* format used to report tratio */
data/mrbayes-3.2.7a/src/bayes.h:1146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char revmatFormat[30]; /* format used to report revmat */
data/mrbayes-3.2.7a/src/bayes.h:1147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ratemultFormat[30]; /* format used to report ratemult */
data/mrbayes-3.2.7a/src/bayes.h:1148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treeFormat[30]; /* format used to report trees/topologies */
data/mrbayes-3.2.7a/src/bayes.h:1149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inferAncStates[5]; /* should ancestral states be inferred (Yes/No)? */
data/mrbayes-3.2.7a/src/bayes.h:1150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inferSiteOmegas[5]; /* should site omega vals be inferred (Yes/No)? */
data/mrbayes-3.2.7a/src/bayes.h:1151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inferSiteRates[5]; /* should site rates be inferred (Yes/No)? */
data/mrbayes-3.2.7a/src/bayes.h:1152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inferPosSel[5]; /* should site selection be inferred (Yes/No)? */
data/mrbayes-3.2.7a/src/bayes.h:1172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chainFileName[100]; /* chain file name for output */
data/mrbayes-3.2.7a/src/bayes.h:1175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startTree[100]; /* starting tree for chain (current/random) */
data/mrbayes-3.2.7a/src/bayes.h:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startParams[100]; /* starting values for chain (current/reset) */
data/mrbayes-3.2.7a/src/bayes.h:1415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumtFileName[100]; /* name of input file */
data/mrbayes-3.2.7a/src/bayes.h:1416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumtOutfile[120]; /* name of output file */
data/mrbayes-3.2.7a/src/bayes.h:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curFileName[120]; /* name of file being processed */
data/mrbayes-3.2.7a/src/bayes.h:1419:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumtConType[100]; /* consensus tree type */
data/mrbayes-3.2.7a/src/bayes.h:1463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comptFileName1[120]; /* name of first input file */
data/mrbayes-3.2.7a/src/bayes.h:1464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comptFileName2[120]; /* name of second input file */
data/mrbayes-3.2.7a/src/bayes.h:1465:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comptOutfile[120]; /* name of output file */
data/mrbayes-3.2.7a/src/bayes.h:1472:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumpFileName[100]; /* name of input file */
data/mrbayes-3.2.7a/src/bayes.h:1473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumpOutfile[120]; /* name of output file */
data/mrbayes-3.2.7a/src/bayes.h:1496:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plotFileName[120]; /* name of input file */
data/mrbayes-3.2.7a/src/bayes.h:1497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter[100]; /* parameter(s) to be plotted */
data/mrbayes-3.2.7a/src/bayes.h:1498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char match[100]; /* whether the match needs to be perfect */
data/mrbayes-3.2.7a/src/bayes.h:1618:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char inputFileName[100]; /* input (NEXUS) file name */
data/mrbayes-3.2.7a/src/bayes.h:1632:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char logFileName[100]; /* name of the log file */
data/mrbayes-3.2.7a/src/bayes.h:1634:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char manFileName[100]; /* name of man file */
data/mrbayes-3.2.7a/src/bayes.h:1703:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spacer[10]; /* holds blanks for printing indentations */
data/mrbayes-3.2.7a/src/bayes.h:1708:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stamp[11]; /* holds a unique identifier for each analysis */
data/mrbayes-3.2.7a/src/bayes.h:1737:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workingDir[100]; /* working directory */
data/mrbayes-3.2.7a/src/command.c:148:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void PrintYesNo (int yn, char s[4]);
data/mrbayes-3.2.7a/src/command.c:189:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logFileName[100]; /* name of the log file */
data/mrbayes-3.2.7a/src/command.c:193:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manFileName[100]; /* name of the file for the command help info */
data/mrbayes-3.2.7a/src/command.c:222:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spacer[10]; /* holds blanks for printing indentations */
data/mrbayes-3.2.7a/src/command.c:260:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tokenP, token[CMD_STRING_LENGTH], *cmdStr=NULL;
data/mrbayes-3.2.7a/src/command.c:367:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gapId, missingId, matchId, tempSetName[100], **tempNames;
data/mrbayes-3.2.7a/src/command.c:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[100];
data/mrbayes-3.2.7a/src/command.c:1019:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:1031:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:1043:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:1051:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:1059:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:1197:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nodeName[100], calName[100];
data/mrbayes-3.2.7a/src/command.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20], tempStr[100];
data/mrbayes-3.2.7a/src/command.c:1502:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "%1.2lf", tempD);
data/mrbayes-3.2.7a/src/command.c:1831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[100];
data/mrbayes-3.2.7a/src/command.c:3548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, exeFileName[100];
data/mrbayes-3.2.7a/src/command.c:3551:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *oldTokenP, oldToken[CMD_STRING_LENGTH];
data/mrbayes-3.2.7a/src/command.c:3748:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:3765:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:3811:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (spacer, " ");
data/mrbayes-3.2.7a/src/command.c:4068:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/command.c:4978:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[100];
data/mrbayes-3.2.7a/src/command.c:5006:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (title, "Command Reference for MrBayes ver. ");
data/mrbayes-3.2.7a/src/command.c:6213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/command.c:7080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100], stride;
data/mrbayes-3.2.7a/src/command.c:7898:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[100];
data/mrbayes-3.2.7a/src/command.c:8153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[100];
data/mrbayes-3.2.7a/src/command.c:9600:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempString[100];
data/mrbayes-3.2.7a/src/command.c:13521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/command.c:13764:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errStr[100];
data/mrbayes-3.2.7a/src/command.c:13985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yesNoStr[20];
data/mrbayes-3.2.7a/src/command.c:14007:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (yesNoStr, "Avgstddev");
data/mrbayes-3.2.7a/src/command.c:14009:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (yesNoStr, "Maxstddev");
data/mrbayes-3.2.7a/src/command.c:14044:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void PrintYesNo (int yn, char s[4])
data/mrbayes-3.2.7a/src/command.c:14047:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (s, "Yes");
data/mrbayes-3.2.7a/src/command.c:14049:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (s, "No");
data/mrbayes-3.2.7a/src/command.c:14865:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " nothing");
data/mrbayes-3.2.7a/src/command.c:14870:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " command");
data/mrbayes-3.2.7a/src/command.c:14876:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14877:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " parameter");
data/mrbayes-3.2.7a/src/command.c:14883:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14884:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " =");
data/mrbayes-3.2.7a/src/command.c:14890:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14891:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " :");
data/mrbayes-3.2.7a/src/command.c:14897:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14898:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " ;");
data/mrbayes-3.2.7a/src/command.c:14904:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14905:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " ,");
data/mrbayes-3.2.7a/src/command.c:14911:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14912:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " #");
data/mrbayes-3.2.7a/src/command.c:14918:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14919:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " ?");
data/mrbayes-3.2.7a/src/command.c:14925:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14926:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " -");
data/mrbayes-3.2.7a/src/command.c:14932:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14933:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " (");
data/mrbayes-3.2.7a/src/command.c:14939:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14940:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " )");
data/mrbayes-3.2.7a/src/command.c:14946:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14947:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " [");
data/mrbayes-3.2.7a/src/command.c:14953:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14954:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " ]");
data/mrbayes-3.2.7a/src/command.c:14960:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14961:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " <name>");
data/mrbayes-3.2.7a/src/command.c:14967:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14968:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " <number>");
data/mrbayes-3.2.7a/src/command.c:14974:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14975:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " return");
data/mrbayes-3.2.7a/src/command.c:14981:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14982:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " *");
data/mrbayes-3.2.7a/src/command.c:14988:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14989:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " /");
data/mrbayes-3.2.7a/src/command.c:14995:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:14996:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " \\");
data/mrbayes-3.2.7a/src/command.c:15002:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15003:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " !");
data/mrbayes-3.2.7a/src/command.c:15009:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15010:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " %");
data/mrbayes-3.2.7a/src/command.c:15016:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15017:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " {");
data/mrbayes-3.2.7a/src/command.c:15023:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15024:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " }");
data/mrbayes-3.2.7a/src/command.c:15030:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15031:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " <whatever>");
data/mrbayes-3.2.7a/src/command.c:15037:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15038:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " |");
data/mrbayes-3.2.7a/src/command.c:15044:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " or");
data/mrbayes-3.2.7a/src/command.c:15045:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(st, " no clue");
data/mrbayes-3.2.7a/src/mcmc.c:268:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputFileName[100]; /* input (NEXUS) file name */
data/mrbayes-3.2.7a/src/mcmc.c:274:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stamp[11]; /* holds a unique identifier for each analysis */
data/mrbayes-3.2.7a/src/mcmc.c:2119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void*) to, (void*) from, (size_t)(m->numChars) * sizeof(CLFlt));
data/mrbayes-3.2.7a/src/mcmc.c:2286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/mrbayes-3.2.7a/src/mcmc.c:2466:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inputFileName, ".ckp");
data/mrbayes-3.2.7a/src/mcmc.c:2505:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numPreviousGen = atoi(temp);
data/mrbayes-3.2.7a/src/mcmc.c:2700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[5];
data/mrbayes-3.2.7a/src/mcmc.c:4113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/mrbayes-3.2.7a/src/mcmc.c:10443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localFileName[100], fileName[220], bkupName[220];
data/mrbayes-3.2.7a/src/mcmc.c:11209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bkupFileName[220], oldBkupFileName[220], ckpFileName[220], *tempString=NULL;
data/mrbayes-3.2.7a/src/mcmc.c:15436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[120], localFileName[100];
data/mrbayes-3.2.7a/src/mcmc.c:15502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, line[100];
data/mrbayes-3.2.7a/src/mcmc.c:15876:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localFileName[100], fileName[220], bkupName[220];
data/mrbayes-3.2.7a/src/mcmc.c:16037:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ckpFileName[220], bkupFileName[220];
data/mrbayes-3.2.7a/src/mcmc.c:18826:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/mrbayes-3.2.7a/src/mcmc.c:18833:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (spacer, " ");
data/mrbayes-3.2.7a/src/mcmc.c:18838:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "tRatio[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18845:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "revMat[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18852:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "stateFreq[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18859:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "omega[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18866:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "shape[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18873:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "pInvar[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18880:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "correlation[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18887:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "switchRates[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18894:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "rateMult[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18901:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "speciationRates[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18908:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "extinctionRates[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18915:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "fossilizationRates[%d]", i);
data/mrbayes-3.2.7a/src/mcmc.c:18922:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "popSize[%d]", i);
data/mrbayes-3.2.7a/src/model.c:152:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colonPr[100], clockPr[30];
data/mrbayes-3.2.7a/src/model.c:1267:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tree->name, "mcmc.tree%d_%d", p->treeIndex+1, run*to + m +1);
data/mrbayes-3.2.7a/src/model.c:1269:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tree->name, "mcmc.tree_%d", run*to + m +1);
data/mrbayes-3.2.7a/src/model.c:2263:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "All");
data/mrbayes-3.2.7a/src/model.c:2265:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Informative");
data/mrbayes-3.2.7a/src/model.c:2270:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Variable");
data/mrbayes-3.2.7a/src/model.c:2274:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Variable|Nosingletonabsence");
data/mrbayes-3.2.7a/src/model.c:2278:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Variable|Nosingletonpresence");
data/mrbayes-3.2.7a/src/model.c:2285:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nosingletons");
data/mrbayes-3.2.7a/src/model.c:2289:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Noabsencesites|Nosingletons");
data/mrbayes-3.2.7a/src/model.c:2293:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nopresencesites|Nosingletons");
data/mrbayes-3.2.7a/src/model.c:2298:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Noabsencesites");
data/mrbayes-3.2.7a/src/model.c:2302:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nopresencesites");
data/mrbayes-3.2.7a/src/model.c:2306:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nosingletonabsence");
data/mrbayes-3.2.7a/src/model.c:2310:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nosingletonpresence");
data/mrbayes-3.2.7a/src/model.c:2314:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Noabsencesites|Nosingletonabsence");
data/mrbayes-3.2.7a/src/model.c:2318:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Noabsencesites|Nosingletonpresence");
data/mrbayes-3.2.7a/src/model.c:2322:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nopresencesites|Nosingletonabsence");
data/mrbayes-3.2.7a/src/model.c:2326:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "Nopresencesites|Nosingletonpresence");
data/mrbayes-3.2.7a/src/model.c:3011:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:3122:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqPr, "Dirichlet");
data/mrbayes-3.2.7a/src/model.c:3123:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqsFixType, "Equal");
data/mrbayes-3.2.7a/src/model.c:3308:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].useGibbs, "Yes");
data/mrbayes-3.2.7a/src/model.c:3312:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].useGibbs, "No");
data/mrbayes-3.2.7a/src/model.c:3486:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].parsModel, "Yes");
data/mrbayes-3.2.7a/src/model.c:3488:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].parsModel, "No");
data/mrbayes-3.2.7a/src/model.c:3522:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].augmentData, "Yes");
data/mrbayes-3.2.7a/src/model.c:3524:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].augmentData, "No");
data/mrbayes-3.2.7a/src/model.c:3813:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[100], **headerNames = NULL;
data/mrbayes-3.2.7a/src/model.c:3939:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:4460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:6027:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].ratePr, "Dirichlet");
data/mrbayes-3.2.7a/src/model.c:6034:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempStr," [Dirichlet(..,1,..)]");
data/mrbayes-3.2.7a/src/model.c:6040:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr,"Variable");
data/mrbayes-3.2.7a/src/model.c:6156:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].generatePr, "Dirichlet");
data/mrbayes-3.2.7a/src/model.c:6163:37: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempStr," [Dirichlet(..,1,..)]");
data/mrbayes-3.2.7a/src/model.c:6169:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr,"Variable");
data/mrbayes-3.2.7a/src/model.c:6560:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqsFixType, "Equal");
data/mrbayes-3.2.7a/src/model.c:6568:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqsFixType, "Empirical");
data/mrbayes-3.2.7a/src/model.c:6593:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqsFixType, "User");
data/mrbayes-3.2.7a/src/model.c:6683:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].stateFreqsFixType, "User");
data/mrbayes-3.2.7a/src/model.c:6748:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].brlensPr, "Uniform");
data/mrbayes-3.2.7a/src/model.c:6994:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tempStr, "TK02");
data/mrbayes-3.2.7a/src/model.c:6996:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tempStr, "Igr");
data/mrbayes-3.2.7a/src/model.c:7077:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].unconstrainedPr, "Uniform");
data/mrbayes-3.2.7a/src/model.c:7083:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].unconstrainedPr, "Exponential");
data/mrbayes-3.2.7a/src/model.c:7089:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].unconstrainedPr, "GammaDir");
data/mrbayes-3.2.7a/src/model.c:7095:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].unconstrainedPr, "invGamDir");
data/mrbayes-3.2.7a/src/model.c:7101:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].unconstrainedPr, "twoExp");
data/mrbayes-3.2.7a/src/model.c:7116:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Uniform");
data/mrbayes-3.2.7a/src/model.c:7120:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Uniform");
data/mrbayes-3.2.7a/src/model.c:7130:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Birthdeath");
data/mrbayes-3.2.7a/src/model.c:7134:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Birthdeath");
data/mrbayes-3.2.7a/src/model.c:7144:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Coalescence");
data/mrbayes-3.2.7a/src/model.c:7148:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Coalescence");
data/mrbayes-3.2.7a/src/model.c:7158:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Speciestreecoalescence");
data/mrbayes-3.2.7a/src/model.c:7162:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Speciestreecoalescence");
data/mrbayes-3.2.7a/src/model.c:7172:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Fossilization");
data/mrbayes-3.2.7a/src/model.c:7176:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Fossilization");
data/mrbayes-3.2.7a/src/model.c:7186:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (clockPr, "Fixed");
data/mrbayes-3.2.7a/src/model.c:7190:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].clockPr, "Fixed");
data/mrbayes-3.2.7a/src/model.c:7940:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempStr, "%1.2lf", tempD);
data/mrbayes-3.2.7a/src/model.c:7986:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempStr, "%1.2lf", tempD);
data/mrbayes-3.2.7a/src/model.c:8009:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[i].treeAgePr.name, "Gamma(1.00,1.00)");
data/mrbayes-3.2.7a/src/model.c:9069:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Poisson");
data/mrbayes-3.2.7a/src/model.c:9071:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Equalin");
data/mrbayes-3.2.7a/src/model.c:9073:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Jones");
data/mrbayes-3.2.7a/src/model.c:9075:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Dayhoff");
data/mrbayes-3.2.7a/src/model.c:9077:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Mtrev");
data/mrbayes-3.2.7a/src/model.c:9079:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Mtmam");
data/mrbayes-3.2.7a/src/model.c:9081:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Wag");
data/mrbayes-3.2.7a/src/model.c:9083:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Rtrev");
data/mrbayes-3.2.7a/src/model.c:9085:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Cprev");
data/mrbayes-3.2.7a/src/model.c:9087:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Vt");
data/mrbayes-3.2.7a/src/model.c:9089:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Blosum");
data/mrbayes-3.2.7a/src/model.c:9091:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Blosum");
data/mrbayes-3.2.7a/src/model.c:9093:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "LG");
data/mrbayes-3.2.7a/src/model.c:9095:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempStr, "Gtr");
data/mrbayes-3.2.7a/src/model.c:9595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[100];
data/mrbayes-3.2.7a/src/model.c:9657:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:10816:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/model.c:12846:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localName[100], temp[100];
data/mrbayes-3.2.7a/src/model.c:12987:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tree->name, "mcmc.tree%d_%d",
data/mrbayes-3.2.7a/src/model.c:12990:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tree->name, "mcmc.tree_%d", i + 1);
data/mrbayes-3.2.7a/src/model.c:15379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[100];
data/mrbayes-3.2.7a/src/model.c:15571:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char piHeader[30];
data/mrbayes-3.2.7a/src/model.c:15901:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (piHeader, "\tpi_%d(%d)", origCharPos+1, ts);
data/mrbayes-3.2.7a/src/model.c:17713:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[j].codingString, "Variable");
data/mrbayes-3.2.7a/src/model.c:17718:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[j].codingString, "Noabsencesites");
data/mrbayes-3.2.7a/src/model.c:17723:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelParams[j].codingString, "All");
data/mrbayes-3.2.7a/src/model.c:18174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempCodon[15], tempMult[15], *tempStr,temp[30];
data/mrbayes-3.2.7a/src/model.c:18418:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "r(%c<->%c)", StateCode_AA(n1), StateCode_AA(n2));
data/mrbayes-3.2.7a/src/model.c:18424:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tr(%c<->%c)", StateCode_AA(n1), StateCode_AA(n2));
data/mrbayes-3.2.7a/src/model.c:18451:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "r(%c<->%c)", StateCode_NUC4(n1), StateCode_NUC4(n2));
data/mrbayes-3.2.7a/src/model.c:18457:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tr(%c<->%c)", StateCode_NUC4(n1), StateCode_NUC4(n2));
data/mrbayes-3.2.7a/src/model.c:18465:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tgtrsubmodel");
data/mrbayes-3.2.7a/src/model.c:18468:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tk_revmat");
data/mrbayes-3.2.7a/src/model.c:18566:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "omega(%d)", i+1);
data/mrbayes-3.2.7a/src/model.c:18568:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tomega(%d)", i+1);
data/mrbayes-3.2.7a/src/model.c:18782:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "pi(%c)", StateCode_NUC4(0));
data/mrbayes-3.2.7a/src/model.c:18787:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "\tpi(%c)", StateCode_NUC4(n1));
data/mrbayes-3.2.7a/src/model.c:18811:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempCodon, "pi(A");
data/mrbayes-3.2.7a/src/model.c:18813:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempCodon, "pi(C");
data/mrbayes-3.2.7a/src/model.c:18815:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempCodon, "pi(G");
data/mrbayes-3.2.7a/src/model.c:18817:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tempCodon, "pi(T");
data/mrbayes-3.2.7a/src/model.c:18827:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempCodon, "A)");
data/mrbayes-3.2.7a/src/model.c:18829:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempCodon, "C)");
data/mrbayes-3.2.7a/src/model.c:18831:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempCodon, "G)");
data/mrbayes-3.2.7a/src/model.c:18833:33: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempCodon, "T)");
data/mrbayes-3.2.7a/src/model.c:19068:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempMult, "m{%d}", i+1);
data/mrbayes-3.2.7a/src/model.c:19111:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempMult, "g_m{%d}", i+1);
data/mrbayes-3.2.7a/src/model.c:19392:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempStr, "\tnet_speciation_%d", i+1);
data/mrbayes-3.2.7a/src/model.c:19432:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempStr, "\trelative_extinction_%d", i+1);
data/mrbayes-3.2.7a/src/model.c:19469:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tempStr, "\trelative_fossilization_%d", i+1);
data/mrbayes-3.2.7a/src/sumpt.c:336:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (temp, ".lstat");
data/mrbayes-3.2.7a/src/sumpt.c:1079:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:1330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:1629:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sumpTokenP, sumpToken[CMD_STRING_LENGTH], *s=NULL, *headerLine, *t;
data/mrbayes-3.2.7a/src/sumpt.c:1976:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[100];
data/mrbayes-3.2.7a/src/sumpt.c:1999:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (temp, ".pstat");
data/mrbayes-3.2.7a/src/sumpt.c:2104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[100];
data/mrbayes-3.2.7a/src/sumpt.c:2139:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (temp, ".mstat");
data/mrbayes-3.2.7a/src/sumpt.c:2304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plotSymbol[15][60];
data/mrbayes-3.2.7a/src/sumpt.c:2473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempf[100];
data/mrbayes-3.2.7a/src/sumpt.c:2496:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (tempf, ".pstat");
data/mrbayes-3.2.7a/src/sumpt.c:2781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumpToken[CMD_STRING_LENGTH], *s=NULL, *p;
data/mrbayes-3.2.7a/src/sumpt.c:3678:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeName[0],"tree"); //in case if parameter is not specified in a .t file
data/mrbayes-3.2.7a/src/sumpt.c:3679:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeName[1],"tree");
data/mrbayes-3.2.7a/src/sumpt.c:4404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:4569:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outName[130], inName[130], inRefName[130], treeName[100], *lineBuf=NULL, *s;
data/mrbayes-3.2.7a/src/sumpt.c:4685:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (outName, ".sdsf");
data/mrbayes-3.2.7a/src/sumpt.c:4736:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gen = atoi(s+4); // 4 is offset to get rid of "rep." in tree name
data/mrbayes-3.2.7a/src/sumpt.c:4874:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeName,"tree"); //in case if parameter is not specified in a .t file
data/mrbayes-3.2.7a/src/sumpt.c:5835:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:6637:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumtToken[100], *s, *sumtTokenP;
data/mrbayes-3.2.7a/src/sumpt.c:7005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pFilename[120], dFilename[120];
data/mrbayes-3.2.7a/src/sumpt.c:7014:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (pFilename, ".pairs");
data/mrbayes-3.2.7a/src/sumpt.c:7015:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (dFilename, ".dists");
data/mrbayes-3.2.7a/src/sumpt.c:7083:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pFilename[145], sFilename[145], vFilename[145], cFilename[145], tFilename[145];
data/mrbayes-3.2.7a/src/sumpt.c:7253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[145];
data/mrbayes-3.2.7a/src/sumpt.c:7649:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempStr[100];
data/mrbayes-3.2.7a/src/sumpt.c:7786:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *printLine, *markLine, temp[30], *label;
data/mrbayes-3.2.7a/src/sumpt.c:7972:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "%.2e", f);
data/mrbayes-3.2.7a/src/sumpt.c:7974:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "%.*lf", precision, f);
data/mrbayes-3.2.7a/src/sumpt.c:8022:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *printLine, *markLine, temp[20], *label;
data/mrbayes-3.2.7a/src/sumpt.c:8176:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (printLine+treeWidth+1,"(%d)", p->index);
data/mrbayes-3.2.7a/src/sumpt.c:8196:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "%d", (int) (p->support*100.0 + 0.5));
data/mrbayes-3.2.7a/src/sumpt.c:8224:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "%d", (int) (p->support*100.0 + 0.5));
data/mrbayes-3.2.7a/src/utils.c:314:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(word)>lastGen)
data/mrbayes-3.2.7a/src/utils.c:353:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(word)>lastStep)
data/mrbayes-3.2.7a/src/utils.c:357:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curStep = atoi(word);
data/mrbayes-3.2.7a/src/utils.c:429:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(word+4)>lastGen)
data/mrbayes-3.2.7a/src/utils.c:669:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)(p), (void *)(vals[i]), (size_t)rowCount[i] * sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:1049:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[40];
data/mrbayes-3.2.7a/src/utils.c:1052:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%.*le", precision, num);
data/mrbayes-3.2.7a/src/utils.c:1054:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s,"%.*lf", precision, num);
data/mrbayes-3.2.7a/src/utils.c:1287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1292:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fileName, "rb")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1305:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1310:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fileName, "r")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1323:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1328:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fileName, "r")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1345:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fileName, "a+")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[200];
data/mrbayes-3.2.7a/src/utils.c:1363:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (fileName, "w+")) == NULL)
data/mrbayes-3.2.7a/src/utils.c:1745:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[100];
data/mrbayes-3.2.7a/src/utils.c:1750:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen (fileName, "r");
data/mrbayes-3.2.7a/src/utils.c:1797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/mrbayes-3.2.7a/src/utils.c:2927:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p->partition,q->partition, nLongsNeeded*sizeof(BitsLong));
data/mrbayes-3.2.7a/src/utils.c:3465:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p->partition, q->partition, nLongsNeeded*sizeof(BitsLong));
data/mrbayes-3.2.7a/src/utils.c:5561:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t->position[i][a]+t->nEvents[i][a], t->position[i][b], t->nEvents[i][b]*sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:5562:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t->rateMult[i][a]+t->nEvents[i][a], t->rateMult[i][b], t->nEvents[i][b]*sizeof(MrBFlt));
data/mrbayes-3.2.7a/src/utils.c:6433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[30];
data/mrbayes-3.2.7a/src/utils.c:6454:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi (temp);
data/mrbayes-3.2.7a/src/utils.c:7388:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treeLine[SCREENWIDTH2], labelLine[100];
data/mrbayes-3.2.7a/src/utils.c:11035:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *) (m[0]));
data/mrbayes-3.2.7a/src/utils.c:11049:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *) (m[0]));
data/mrbayes-3.2.7a/src/utils.c:11063:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *) (m[0]));
data/mrbayes-3.2.7a/src/bayes.c:400:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (cmdStr,cmdStrP,CMD_STRING_LENGTH - 2);
data/mrbayes-3.2.7a/src/bayes.c:592:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(workingDir,""); /* working directory */
data/mrbayes-3.2.7a/src/bayes.c:667:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(defaultModel.nst, "1"); /* number of substitution types */
data/mrbayes-3.2.7a/src/bayes.c:972:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, ""); /* holds blanks for indentation */
data/mrbayes-3.2.7a/src/best.c:1460:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/best.c:1666:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/command.c:475:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*list)[len] = (char *) SafeCalloc ((strlen(token)+1), sizeof(char));
data/mrbayes-3.2.7a/src/command.c:1067:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:1319:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (calName, "(");
data/mrbayes-3.2.7a/src/command.c:1507:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (calName, ",");
data/mrbayes-3.2.7a/src/command.c:1513:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (calName, ")");
data/mrbayes-3.2.7a/src/command.c:1644:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<(int)strlen(tkn); i++)
data/mrbayes-3.2.7a/src/command.c:1659:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:1730:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:2580:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:2756:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:3085:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:3309:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:3540:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(spacer,""); /* reset indentation */
data/mrbayes-3.2.7a/src/command.c:3560:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (exeFileName, inputFileName, 98);
data/mrbayes-3.2.7a/src/command.c:3577:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3675:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > 1)
data/mrbayes-3.2.7a/src/command.c:3751:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3768:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3786:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size_t)(tokenP-s)-strlen(token)+1, (size_t)(tokenP-s), cmdLine);
data/mrbayes-3.2.7a/src/command.c:3815:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:3832:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:3836:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn));
data/mrbayes-3.2.7a/src/command.c:3958:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:4186:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:4423:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4468:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4513:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1)
data/mrbayes-3.2.7a/src/command.c:4574:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(p->string) > longestDescription)
data/mrbayes-3.2.7a/src/command.c:4575:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
longestDescription = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:4588:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j<longestDescription - (int) strlen(p->string); j++)
data/mrbayes-3.2.7a/src/command.c:4603:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j<longestDescription - (int) strlen(p->string); j++)
data/mrbayes-3.2.7a/src/command.c:4627:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tkLen = (int) strlen(tkn);
data/mrbayes-3.2.7a/src/command.c:4631:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetLen = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:4786:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:5009:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (70 - (int) strlen (title)) / 2;
data/mrbayes-3.2.7a/src/command.c:5010:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = 70 - i - (int) strlen(title);
data/mrbayes-3.2.7a/src/command.c:5328:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:5799:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:5882:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:6128:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:6588:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:6592:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn));
data/mrbayes-3.2.7a/src/command.c:6598:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (index=0; index<(int)strlen(workingDir); index++)
data/mrbayes-3.2.7a/src/command.c:6603:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '\\')
data/mrbayes-3.2.7a/src/command.c:6603:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '\\')
data/mrbayes-3.2.7a/src/command.c:6604:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(workingDir,"\\");
data/mrbayes-3.2.7a/src/command.c:6607:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (index=0; index<(int)strlen(workingDir); index++)
data/mrbayes-3.2.7a/src/command.c:6612:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '/')
data/mrbayes-3.2.7a/src/command.c:6612:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(workingDir) > 0 && workingDir[strlen(workingDir)-1] != '/')
data/mrbayes-3.2.7a/src/command.c:6613:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(workingDir,"/");
data/mrbayes-3.2.7a/src/command.c:7091:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = (int) strlen(taxaNames[i]);
data/mrbayes-3.2.7a/src/command.c:7113:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/command.c:7254:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/command.c:7418:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:7495:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && tkn[0] == '.')
data/mrbayes-3.2.7a/src/command.c:7712:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) > 99)
data/mrbayes-3.2.7a/src/command.c:7795:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn) == 1 && !strcmp(tkn, "."))
data/mrbayes-3.2.7a/src/command.c:7911:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(tempName) > maxLen)
data/mrbayes-3.2.7a/src/command.c:7912:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxLen = (int) strlen(tempName);
data/mrbayes-3.2.7a/src/command.c:7967:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = (int) strlen(tempName);
data/mrbayes-3.2.7a/src/command.c:8215:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (t->name, tkn, 99);
data/mrbayes-3.2.7a/src/command.c:8367:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->bSetName[t->nBSets-1] = (char *) SafeCalloc (strlen(tkn)+1, sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8827:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->eSetName[t->nESets-1] = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8832:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->bSetName[t->nBSets-1] = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:8837:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->popSizeSetName = (char *) SafeCalloc (strlen(tempNameString)+1,sizeof(char));
data/mrbayes-3.2.7a/src/command.c:9028:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen (text);
data/mrbayes-3.2.7a/src/command.c:9038:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dupstring = SafeMalloc (strlen (command) + 1);
data/mrbayes-3.2.7a/src/command.c:9055:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:9060:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetLen = (int) strlen(p->string);
data/mrbayes-3.2.7a/src/command.c:9103:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:9109:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetLen = (int) strlen(q->string);
data/mrbayes-3.2.7a/src/command.c:10192:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tempString, constraintNames[i], 22);
data/mrbayes-3.2.7a/src/command.c:10317:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tempString, taxaNames[i], 22);
data/mrbayes-3.2.7a/src/command.c:10319:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tempString, constraintNames[i-numTaxa], 22);
data/mrbayes-3.2.7a/src/command.c:13525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tkLen = (int) strlen(tk);
data/mrbayes-3.2.7a/src/command.c:13533:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/command.c:13616:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s1) != strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13616:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s1) != strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13621:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s1) > strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13621:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s1) > strlen(s2))
data/mrbayes-3.2.7a/src/command.c:13622:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(s2);
data/mrbayes-3.2.7a/src/command.c:13624:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(s1);
data/mrbayes-3.2.7a/src/command.c:13783:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) > 0 || tokenType == ALPHA)
data/mrbayes-3.2.7a/src/command.c:13898:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spacer, token, commandPtr->string, tokenP - cmdStr - strlen(token)+1);
data/mrbayes-3.2.7a/src/command.c:13966:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/command.c:14357:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(transFrom[i])>99)
data/mrbayes-3.2.7a/src/command.c:14862:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (st, "");
data/mrbayes-3.2.7a/src/mcmc.c:420:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(printString);
data/mrbayes-3.2.7a/src/mcmc.c:421:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:2484:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2488:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2493:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2502:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:2509:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(tempFile);
data/mrbayes-3.2.7a/src/mcmc.c:3558:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempStr)>99)
data/mrbayes-3.2.7a/src/mcmc.c:3562:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tempStr));
data/mrbayes-3.2.7a/src/mcmc.c:10612:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (bkupName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11239:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (bkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11241:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (oldBkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:11324:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(printString,"");
data/mrbayes-3.2.7a/src/mcmc.c:11424:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11425:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11495:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11496:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11534:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11535:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11576:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11577:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11616:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11617:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11710:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11711:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11748:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:11749:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tempString, "");
data/mrbayes-3.2.7a/src/mcmc.c:12056:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(printString);
data/mrbayes-3.2.7a/src/mcmc.c:12065:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nErrors == 0 && proc_id == 0 && len+5 > strlen(s))
data/mrbayes-3.2.7a/src/mcmc.c:12212:25: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inputChar = getchar();
data/mrbayes-3.2.7a/src/mcmc.c:13361:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:13480:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (printString, "");
data/mrbayes-3.2.7a/src/mcmc.c:13616:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13633:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13661:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13672:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13707:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13710:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13837:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/mcmc.c:13875:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxLen = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13900:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13925:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:13935:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/mcmc.c:15361:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} while ((c = fgetc(fp)) != '\r' && c != '\n');
data/mrbayes-3.2.7a/src/mcmc.c:15366:33: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) == '\r' || c == '\n')
data/mrbayes-3.2.7a/src/mcmc.c:15382:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do { c = fgetc(fp);
data/mrbayes-3.2.7a/src/mcmc.c:15928:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15936:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpParm[n] = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15938:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (CopyResults(fpParm[n],bkupName+strlen(workingDir),numPreviousGen) == ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15952:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15959:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpTree[n][i] = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15961:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (CopyTreeResults(fpTree[n][i],bkupName+strlen(workingDir),numPreviousGen,numSamples) == ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15971:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15978:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpSS = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15980:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (CopyProcessSsFile(fpSS,bkupName+strlen(workingDir),steps,marginalLnLSS,splitfreqSS)==ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:15989:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bkupName,"~");
data/mrbayes-3.2.7a/src/mcmc.c:15996:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpMcmc = OpenNewMBPrintFile (fileName+strlen(workingDir))) == NULL)
data/mrbayes-3.2.7a/src/mcmc.c:15998:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (CopyResults(fpMcmc,bkupName+strlen(workingDir),numPreviousGen)==ERROR)
data/mrbayes-3.2.7a/src/mcmc.c:17369:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (bkupFileName, "~");
data/mrbayes-3.2.7a/src/mcmc.c:18710:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/mcmc.c:18944:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spacer[strlen(spacer) - 3] = '\0';
data/mrbayes-3.2.7a/src/model.c:499:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int) (strlen (moveType->shortName) + strlen (param->name)) + 10;
data/mrbayes-3.2.7a/src/model.c:499:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int) (strlen (moveType->shortName) + strlen (param->name)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:509:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int) (strlen (moveType->shortName) + strlen (moveType->paramName) + strlen (partitionDescriptor)) + 10;
data/mrbayes-3.2.7a/src/model.c:515:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength += (int)(strlen(param->subParams[i]->name)) + 1;
data/mrbayes-3.2.7a/src/model.c:576:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp->name,",");
data/mrbayes-3.2.7a/src/model.c:580:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (temp->name,")");
data/mrbayes-3.2.7a/src/model.c:2347:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/model.c:2630:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/model.c:3858:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(headerNames[i]);
data/mrbayes-3.2.7a/src/model.c:4157:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<(int)strlen(localTkn); i++)
data/mrbayes-3.2.7a/src/model.c:4163:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:4165:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(localTkn,temp,strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4171:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(localTkn,"prob",strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4176:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(localTkn,"targetrate",strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:4231:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=(int)strlen(localTkn);
data/mrbayes-3.2.7a/src/model.c:4241:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:4243:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(temp,localTkn,strlen(localTkn)) == 0)
data/mrbayes-3.2.7a/src/model.c:7934:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(modelParams[i].treeAgePr.name, "(");
data/mrbayes-3.2.7a/src/model.c:8026:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(modelParams[i].treeAgePr.name, ",");
data/mrbayes-3.2.7a/src/model.c:8036:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(modelParams[i].treeAgePr.name, ")");
data/mrbayes-3.2.7a/src/model.c:10596:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<(int)strlen(tempName); i++)
data/mrbayes-3.2.7a/src/model.c:10605:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)(strlen(temp)); k++)
data/mrbayes-3.2.7a/src/model.c:10621:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:10623:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(tempName,temp,strlen(tempName)) == 0)
data/mrbayes-3.2.7a/src/model.c:12194:25: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/model.c:12850:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(treeName) > 99)
data/mrbayes-3.2.7a/src/model.c:12857:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<(int)strlen(localName); i++)
data/mrbayes-3.2.7a/src/model.c:12864:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:12877:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k=0; k<(int)strlen(temp); k++)
data/mrbayes-3.2.7a/src/model.c:12879:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(localName,temp,strlen(localName)) == 0)
data/mrbayes-3.2.7a/src/model.c:15503:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/model.c:18819:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tempCodon, "A");
data/mrbayes-3.2.7a/src/model.c:18821:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tempCodon, "C");
data/mrbayes-3.2.7a/src/model.c:18823:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tempCodon, "G");
data/mrbayes-3.2.7a/src/model.c:18825:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tempCodon, "T");
data/mrbayes-3.2.7a/src/model.c:23568:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25 + 10;
data/mrbayes-3.2.7a/src/model.c:23574:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25 + 10;
data/mrbayes-3.2.7a/src/model.c:23915:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25 + (int)(strlen(p->subParams[k]->name));
data/mrbayes-3.2.7a/src/model.c:23915:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25 + (int)(strlen(p->subParams[k]->name));
data/mrbayes-3.2.7a/src/model.c:23921:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (printedCol + (int)(strlen(p->subParams[k]->name)) + 5 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:23929:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (printedCol + (int)(strlen(p->subParams[k]->name)) + 2 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:23932:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:23940:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol += (int)strlen(p->subParams[k]->name);
data/mrbayes-3.2.7a/src/model.c:23999:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24011:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol += 9 + (int)strlen(mv->name) + (int)(log10(mv->relProposalProb[chainIndex])) + 3;
data/mrbayes-3.2.7a/src/model.c:24015:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (printedCol + 11 + (int)(strlen(mv->name)) + (int)(log10(mv->relProposalProb[chainIndex])) + 3 > screenWidth)
data/mrbayes-3.2.7a/src/model.c:24018:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = 25 + (int)(strlen(spacer));
data/mrbayes-3.2.7a/src/model.c:24026:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol += (9 + (int)(strlen(mv->name)) + (int)(log10(mv->relProposalProb[chainIndex])) + 3);
data/mrbayes-3.2.7a/src/model.c:24079:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24081:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (printedCol + 2 + (int)(strlen(mv->moveType->shortName)) > screenWidth)
data/mrbayes-3.2.7a/src/model.c:24084:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol = (int)(strlen(spacer)) + 25;
data/mrbayes-3.2.7a/src/model.c:24092:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printedCol += (int)strlen(mv->moveType->shortName);
data/mrbayes-3.2.7a/src/proposal.c:814:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:1802:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:2334:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:2678:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:2685:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:2758:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:3213:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:3220:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:3273:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:3851:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:4144:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:4152:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:4631:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:5016:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:5023:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:5845:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6070:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6075:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6638:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6855:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6973:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:6978:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7037:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7248:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7343:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7348:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7622:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7790:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:7794:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:8069:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:8319:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:9504:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:10074:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:10152:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:10530:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:10534:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:11903:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:12428:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/proposal.c:14740:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/sumpt.c:289:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:335:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp, sumpParams.sumpOutfile, 90);
data/mrbayes-3.2.7a/src/sumpt.c:342:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stamp) > 1)
data/mrbayes-3.2.7a/src/sumpt.c:508:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/sumpt.c:524:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/sumpt.c:635:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(headerNames[i]);
data/mrbayes-3.2.7a/src/sumpt.c:1037:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/sumpt.c:1059:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/sumpt.c:1102:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99)
data/mrbayes-3.2.7a/src/sumpt.c:1127:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99)
data/mrbayes-3.2.7a/src/sumpt.c:1353:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99 && (strchr(tkn,' ')-tkn) > 99)
data/mrbayes-3.2.7a/src/sumpt.c:1639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sumpParams.sumpFileName) > 2)
data/mrbayes-3.2.7a/src/sumpt.c:1641:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = sumpParams.sumpFileName + (int) strlen(sumpParams.sumpFileName) - 2;
data/mrbayes-3.2.7a/src/sumpt.c:1985:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(temp);
data/mrbayes-3.2.7a/src/sumpt.c:1998:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp, fileName, 90);
data/mrbayes-3.2.7a/src/sumpt.c:2005:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stamp) > 1)
data/mrbayes-3.2.7a/src/sumpt.c:2122:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j2 = (int)(strlen(headerNames[i]) + 2 + strlen(modelElementNames[j][j1]));
data/mrbayes-3.2.7a/src/sumpt.c:2122:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j2 = (int)(strlen(headerNames[i]) + 2 + strlen(modelElementNames[j][j1]));
data/mrbayes-3.2.7a/src/sumpt.c:2138:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp,fileName,90);
data/mrbayes-3.2.7a/src/sumpt.c:2146:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stamp) > 1)
data/mrbayes-3.2.7a/src/sumpt.c:2482:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(temp);
data/mrbayes-3.2.7a/src/sumpt.c:2495:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tempf, fileName, 90);
data/mrbayes-3.2.7a/src/sumpt.c:2502:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stamp) > 1)
data/mrbayes-3.2.7a/src/sumpt.c:3248:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (t->nodes[i].label, "");
data/mrbayes-3.2.7a/src/sumpt.c:4391:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (spacer, "");
data/mrbayes-3.2.7a/src/sumpt.c:4689:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(stamp) > 1)
data/mrbayes-3.2.7a/src/sumpt.c:5195:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen (taxaNames[k]);
data/mrbayes-3.2.7a/src/sumpt.c:5528:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = i + (int)(strlen(treeName)) + 2; /* length of length{m}[n] or height{m}[n] */
data/mrbayes-3.2.7a/src/sumpt.c:5533:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(sumtParams.tree->bSetName[j]) + 7 + i;
data/mrbayes-3.2.7a/src/sumpt.c:5539:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(sumtParams.tree->eSetName[j]) + 8 + i;
data/mrbayes-3.2.7a/src/sumpt.c:5545:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(sumtParams.tree->popSizeSetName) + i;
data/mrbayes-3.2.7a/src/sumpt.c:5585:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5604:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5623:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5643:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5656:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5672:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5691:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempStrLength=(int)strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:5864:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tkn)>99)
data/mrbayes-3.2.7a/src/sumpt.c:5868:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MrBayesPrint ("%s has %d characters.\n", spacer,strlen(tkn));
data/mrbayes-3.2.7a/src/sumpt.c:6500:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p->label)>99)
data/mrbayes-3.2.7a/src/sumpt.c:6528:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sumtParams.popSizeSetName = (char *) SafeCalloc (strlen(t->popSizeSetName)+1, sizeof(char));
data/mrbayes-3.2.7a/src/sumpt.c:6954:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)(strlen(p->label)) + 4 + (int)(log10(index+1));
data/mrbayes-3.2.7a/src/sumpt.c:6956:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)(strlen(p->label));
data/mrbayes-3.2.7a/src/sumpt.c:6969:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(p->label) > nameLength)
data/mrbayes-3.2.7a/src/sumpt.c:7069:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen (stamp);
data/mrbayes-3.2.7a/src/sumpt.c:7215:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen (stamp);
data/mrbayes-3.2.7a/src/sumpt.c:7671:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:7711:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tempStr);
data/mrbayes-3.2.7a/src/sumpt.c:7977:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = (int) strlen (temp);
data/mrbayes-3.2.7a/src/sumpt.c:8199:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
from = (int)(from + 1.5 + ((to - from - 1 - strlen(temp)) / 2.0));
data/mrbayes-3.2.7a/src/sumpt.c:8227:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
from = (int)(from + 1.5 + ((to - from - 1 - strlen(temp)) / 2.0));
data/mrbayes-3.2.7a/src/utils.c:311:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (strCpy,strBuf,longestLine);
data/mrbayes-3.2.7a/src/utils.c:350:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (strCpy,strBuf,longestLine);
data/mrbayes-3.2.7a/src/utils.c:422:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (strCpy,strBuf,longestLine);
data/mrbayes-3.2.7a/src/utils.c:801:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) > strlen(expected))
data/mrbayes-3.2.7a/src/utils.c:801:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) > strlen(expected))
data/mrbayes-3.2.7a/src/utils.c:804:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen (token);
data/mrbayes-3.2.7a/src/utils.c:909:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF)
data/mrbayes-3.2.7a/src/utils.c:918:32: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (((nextCh = getc(fp)) == EOF) || (nextCh != '\n'))
data/mrbayes-3.2.7a/src/utils.c:939:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/mrbayes-3.2.7a/src/utils.c:944:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/mrbayes-3.2.7a/src/utils.c:950:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = fgetc(fp)) == '\n')
data/mrbayes-3.2.7a/src/utils.c:954:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/mrbayes-3.2.7a/src/utils.c:963:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/mrbayes-3.2.7a/src/utils.c:1290:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1290:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1308:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1308:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1326:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1326:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1343:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1343:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1361:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1361:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 199 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1598:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*target = (char *) SafeCalloc (strlen (source) + 1, sizeof (char));
data/mrbayes-3.2.7a/src/utils.c:1602:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (source) + strlen (*target) +
data/mrbayes-3.2.7a/src/utils.c:1602:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (source) + strlen (*target) +
data/mrbayes-3.2.7a/src/utils.c:1616:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*target = (char *) SafeCalloc (strlen (source) + 1, sizeof (char));
data/mrbayes-3.2.7a/src/utils.c:1620:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (source) + 1) * sizeof (char));
data/mrbayes-3.2.7a/src/utils.c:1696:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) < strlen(t))
data/mrbayes-3.2.7a/src/utils.c:1696:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) < strlen(t))
data/mrbayes-3.2.7a/src/utils.c:1697:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
minLen = (int) strlen(s);
data/mrbayes-3.2.7a/src/utils.c:1699:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
minLen = (int) strlen(t);
data/mrbayes-3.2.7a/src/utils.c:1748:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fileName, name, 99 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1748:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fileName, name, 99 - strlen(fileName));
data/mrbayes-3.2.7a/src/utils.c:1811:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-1] = '\0';
data/mrbayes-3.2.7a/src/utils.c:1897:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pt->name,"");
data/mrbayes-3.2.7a/src/utils.c:2004:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (t->name, "");
data/mrbayes-3.2.7a/src/utils.c:2074:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (t->name, "");
data/mrbayes-3.2.7a/src/utils.c:3086:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to->bSetName[i] = (char *) SafeCalloc (strlen(from->bSetName[i])+2, sizeof(char));
data/mrbayes-3.2.7a/src/utils.c:3094:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to->eSetName[i] = (char *) SafeCalloc (strlen(from->eSetName[i])+2, sizeof(char));
data/mrbayes-3.2.7a/src/utils.c:3120:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to->popSizeSetName = (char *) SafeCalloc (strlen(from->popSizeSetName) + 1, sizeof(char));
data/mrbayes-3.2.7a/src/utils.c:4292:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/utils.c:5158:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mrbayes-3.2.7a/src/utils.c:6242:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (p->label,"");
ANALYSIS SUMMARY:
Hits = 1110
Lines analyzed = 117411 in approximately 3.37 seconds (34834 lines/second)
Physical Source Lines of Code (SLOC) = 95553
Hits@level = [0] 651 [1] 343 [2] 468 [3] 1 [4] 298 [5] 0
Hits@level+ = [0+] 1761 [1+] 1110 [2+] 767 [3+] 299 [4+] 298 [5+] 0
Hits/KSLOC@level+ = [0+] 18.4296 [1+] 11.6166 [2+] 8.02696 [3+] 3.12915 [4+] 3.11869 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.