Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nco-4.9.5/bld/libnco_c++_tst.cc
Examining data/nco-4.9.5/bld/libnco_tst.c
Examining data/nco-4.9.5/doc/cdtime.c
Examining data/nco-4.9.5/src/nco++/ExitException.hpp
Examining data/nco-4.9.5/src/nco++/Invoke.cc
Examining data/nco-4.9.5/src/nco++/NcapVar.cc
Examining data/nco-4.9.5/src/nco++/NcapVarVector.cc
Examining data/nco-4.9.5/src/nco++/fmc_all_cls.cc
Examining data/nco-4.9.5/src/nco++/fmc_cls.cc
Examining data/nco-4.9.5/src/nco++/fmc_gsl_cls.cc
Examining data/nco-4.9.5/src/nco++/ncap2.cc
Examining data/nco-4.9.5/src/nco++/ncap2_att.cc
Examining data/nco-4.9.5/src/nco++/ncap2_utl.cc
Examining data/nco-4.9.5/src/nco++/ncoEnumTokenTypes.hpp
Examining data/nco-4.9.5/src/nco++/ncoLexer.cpp
Examining data/nco-4.9.5/src/nco++/ncoLexer.hpp
Examining data/nco-4.9.5/src/nco++/ncoParser.cpp
Examining data/nco-4.9.5/src/nco++/ncoParser.hpp
Examining data/nco-4.9.5/src/nco++/ncoParserTokenTypes.hpp
Examining data/nco-4.9.5/src/nco++/ncoTree.cpp
Examining data/nco-4.9.5/src/nco++/ncoTree.hpp
Examining data/nco-4.9.5/src/nco++/nco_gsl.cc
Examining data/nco-4.9.5/src/nco++/prs_cls.cc
Examining data/nco-4.9.5/src/nco++/sdo_utl.cc
Examining data/nco-4.9.5/src/nco++/sym_cls.cc
Examining data/nco-4.9.5/src/nco/libnco.h
Examining data/nco-4.9.5/src/nco/mpncbo.c
Examining data/nco-4.9.5/src/nco/mpncecat.c
Examining data/nco-4.9.5/src/nco/mpncflint.c
Examining data/nco-4.9.5/src/nco/mpncpdq.c
Examining data/nco-4.9.5/src/nco/mpncra.c
Examining data/nco-4.9.5/src/nco/mpncwa.c
Examining data/nco-4.9.5/src/nco/ncap_utl.c
Examining data/nco-4.9.5/src/nco/ncap_utl.h
Examining data/nco-4.9.5/src/nco/ncatted.c
Examining data/nco-4.9.5/src/nco/ncbo.c
Examining data/nco-4.9.5/src/nco/ncecat.c
Examining data/nco-4.9.5/src/nco/ncflint.c
Examining data/nco-4.9.5/src/nco/ncks.c
Examining data/nco-4.9.5/src/nco/nco.h
Examining data/nco-4.9.5/src/nco/nco_att_utl.c
Examining data/nco-4.9.5/src/nco/nco_att_utl.h
Examining data/nco-4.9.5/src/nco/nco_aux.c
Examining data/nco-4.9.5/src/nco/nco_aux.h
Examining data/nco-4.9.5/src/nco/nco_bnr.c
Examining data/nco-4.9.5/src/nco/nco_bnr.h
Examining data/nco-4.9.5/src/nco/nco_cln_utl.c
Examining data/nco-4.9.5/src/nco/nco_cln_utl.h
Examining data/nco-4.9.5/src/nco/nco_cnf_dmn.c
Examining data/nco-4.9.5/src/nco/nco_cnf_dmn.h
Examining data/nco-4.9.5/src/nco/nco_cnf_typ.c
Examining data/nco-4.9.5/src/nco/nco_cnf_typ.h
Examining data/nco-4.9.5/src/nco/nco_cnk.c
Examining data/nco-4.9.5/src/nco/nco_cnk.h
Examining data/nco-4.9.5/src/nco/nco_cnv_arm.c
Examining data/nco-4.9.5/src/nco/nco_cnv_arm.h
Examining data/nco-4.9.5/src/nco/nco_cnv_csm.c
Examining data/nco-4.9.5/src/nco/nco_cnv_csm.h
Examining data/nco-4.9.5/src/nco/nco_crt.c
Examining data/nco-4.9.5/src/nco/nco_crt.h
Examining data/nco-4.9.5/src/nco/nco_ctl.c
Examining data/nco-4.9.5/src/nco/nco_ctl.h
Examining data/nco-4.9.5/src/nco/nco_dbg.c
Examining data/nco-4.9.5/src/nco/nco_dbg.h
Examining data/nco-4.9.5/src/nco/nco_dmn_utl.c
Examining data/nco-4.9.5/src/nco/nco_dmn_utl.h
Examining data/nco-4.9.5/src/nco/nco_fl_utl.c
Examining data/nco-4.9.5/src/nco/nco_fl_utl.h
Examining data/nco-4.9.5/src/nco/nco_flt.c
Examining data/nco-4.9.5/src/nco/nco_flt.h
Examining data/nco-4.9.5/src/nco/nco_getopt.c
Examining data/nco-4.9.5/src/nco/nco_getopt.h
Examining data/nco-4.9.5/src/nco/nco_grp_trv.c
Examining data/nco-4.9.5/src/nco/nco_grp_trv.h
Examining data/nco-4.9.5/src/nco/nco_grp_utl.c
Examining data/nco-4.9.5/src/nco/nco_grp_utl.h
Examining data/nco-4.9.5/src/nco/nco_kd.c
Examining data/nco-4.9.5/src/nco/nco_kd.h
Examining data/nco-4.9.5/src/nco/nco_lmt.c
Examining data/nco-4.9.5/src/nco/nco_lmt.h
Examining data/nco-4.9.5/src/nco/nco_lst_utl.c
Examining data/nco-4.9.5/src/nco/nco_lst_utl.h
Examining data/nco-4.9.5/src/nco/nco_map.c
Examining data/nco-4.9.5/src/nco/nco_map.h
Examining data/nco-4.9.5/src/nco/nco_md5.c
Examining data/nco-4.9.5/src/nco/nco_md5.h
Examining data/nco-4.9.5/src/nco/nco_mmr.c
Examining data/nco-4.9.5/src/nco/nco_mmr.h
Examining data/nco-4.9.5/src/nco/nco_mpi.h
Examining data/nco-4.9.5/src/nco/nco_msa.c
Examining data/nco-4.9.5/src/nco/nco_msa.h
Examining data/nco-4.9.5/src/nco/nco_mss_val.c
Examining data/nco-4.9.5/src/nco/nco_mss_val.h
Examining data/nco-4.9.5/src/nco/nco_mta.c
Examining data/nco-4.9.5/src/nco/nco_mta.h
Examining data/nco-4.9.5/src/nco/nco_netcdf.c
Examining data/nco-4.9.5/src/nco/nco_netcdf.h
Examining data/nco-4.9.5/src/nco/nco_omp.c
Examining data/nco-4.9.5/src/nco/nco_omp.h
Examining data/nco-4.9.5/src/nco/nco_pck.c
Examining data/nco-4.9.5/src/nco/nco_pck.h
Examining data/nco-4.9.5/src/nco/nco_ply.c
Examining data/nco-4.9.5/src/nco/nco_ply.h
Examining data/nco-4.9.5/src/nco/nco_ply_lst.c
Examining data/nco-4.9.5/src/nco/nco_ply_lst.h
Examining data/nco-4.9.5/src/nco/nco_ppc.c
Examining data/nco-4.9.5/src/nco/nco_ppc.h
Examining data/nco-4.9.5/src/nco/nco_prn.c
Examining data/nco-4.9.5/src/nco/nco_prn.h
Examining data/nco-4.9.5/src/nco/nco_rec_var.c
Examining data/nco-4.9.5/src/nco/nco_rec_var.h
Examining data/nco-4.9.5/src/nco/nco_rgr.c
Examining data/nco-4.9.5/src/nco/nco_rgr.h
Examining data/nco-4.9.5/src/nco/nco_rth_flt.c
Examining data/nco-4.9.5/src/nco/nco_rth_flt.h
Examining data/nco-4.9.5/src/nco/nco_rth_utl.c
Examining data/nco-4.9.5/src/nco/nco_rth_utl.h
Examining data/nco-4.9.5/src/nco/nco_scl_utl.c
Examining data/nco-4.9.5/src/nco/nco_scl_utl.h
Examining data/nco-4.9.5/src/nco/nco_scm.c
Examining data/nco-4.9.5/src/nco/nco_scm.h
Examining data/nco-4.9.5/src/nco/nco_sld.c
Examining data/nco-4.9.5/src/nco/nco_sld.h
Examining data/nco-4.9.5/src/nco/nco_sng_utl.c
Examining data/nco-4.9.5/src/nco/nco_sng_utl.h
Examining data/nco-4.9.5/src/nco/nco_sph.c
Examining data/nco-4.9.5/src/nco/nco_sph.h
Examining data/nco-4.9.5/src/nco/nco_srm.c
Examining data/nco-4.9.5/src/nco/nco_srm.h
Examining data/nco-4.9.5/src/nco/nco_typ.h
Examining data/nco-4.9.5/src/nco/nco_uthash.h
Examining data/nco-4.9.5/src/nco/nco_var_avg.c
Examining data/nco-4.9.5/src/nco/nco_var_avg.h
Examining data/nco-4.9.5/src/nco/nco_var_lst.c
Examining data/nco-4.9.5/src/nco/nco_var_lst.h
Examining data/nco-4.9.5/src/nco/nco_var_rth.c
Examining data/nco-4.9.5/src/nco/nco_var_rth.h
Examining data/nco-4.9.5/src/nco/nco_var_scv.c
Examining data/nco-4.9.5/src/nco/nco_var_scv.h
Examining data/nco-4.9.5/src/nco/nco_var_utl.c
Examining data/nco-4.9.5/src/nco/nco_var_utl.h
Examining data/nco-4.9.5/src/nco/ncpdq.c
Examining data/nco-4.9.5/src/nco/ncra.c
Examining data/nco-4.9.5/src/nco/ncrename.c
Examining data/nco-4.9.5/src/nco/ncwa.c
Examining data/nco-4.9.5/src/nco_c++/nco_att.cc
Examining data/nco-4.9.5/src/nco_c++/nco_dmn.cc
Examining data/nco-4.9.5/src/nco_c++/nco_fl.cc
Examining data/nco-4.9.5/src/nco_c++/nco_hgh.cc
Examining data/nco-4.9.5/src/nco_c++/nco_utl.cc
Examining data/nco-4.9.5/src/nco_c++/nco_var.cc
Examining data/nco-4.9.5/src/nco_c++/tst.cc
FINAL RESULTS:
data/nco-4.9.5/src/nco/nco_fl_utl.c:283:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
rcd_sys=chmod(fl_nm,fl_md);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1972:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(units_sng, var_att->val.sngp[0]);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:3659:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bnds_txt,"Bounds for $%s coordinate",var1->nm );
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5190:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, var_in->val.sngp[0]);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5609:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fmt_sng,var_fmt->val.sngp[0]);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:6312:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,prn_str, dlon, dlat);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:6322:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout, prn_str, var_lon->val.dp[ idx*grid_corners] ,var_lat->val.dp[ idx*grid_corners]);
data/nco-4.9.5/src/nco++/ncap2.cc:557:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spt_arg_cat,spt_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2.cc:563:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(spt_arg_cat,spt_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2_att.cc:174:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ln_nm,var_nm);strcat(ln_nm,"@");strcat(ln_nm,att_nm);
data/nco-4.9.5/src/nco++/ncap2_att.cc:174:42: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(ln_nm,var_nm);strcat(ln_nm,"@");strcat(ln_nm,att_nm);
data/nco-4.9.5/src/nco++/ncap2_att.cc:451:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng,"%s%%s",nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco++/ncap2_att.cc:454:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(att_sng,att_in_sng);
data/nco-4.9.5/src/nco++/ncap2_att.cc:460:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.fp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:463:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.dp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:466:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.sp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:469:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,(long)var->val.ip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:479:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.bp[att_lmn]);
data/nco-4.9.5/src/nco++/ncap2_att.cc:482:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.ubp[att_lmn]);
data/nco-4.9.5/src/nco++/ncap2_att.cc:485:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.usp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:488:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.uip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:491:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.i64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:494:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.ui64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:497:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(att_lmn=0;att_lmn<att_sz;att_lmn++) (void)fprintf(stdout,att_sng,var->val.sngp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");
data/nco-4.9.5/src/nco++/ncap2_att.cc:544:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tp,"%s, size = %li %s, value = ",var->nm,att_sz,nco_typ_sng(var->type));
data/nco-4.9.5/src/nco++/ncap2_att.cc:549:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng,"%s%%s",nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco++/ncap2_att.cc:552:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(att_sng,att_in_sng);
data/nco-4.9.5/src/nco++/ncap2_att.cc:561:67: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ;att_lmn++) { (void)sprintf(tp,att_sng,var->val.fp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:564:67: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ;att_lmn++) { (void)sprintf(tp,att_sng,var->val.dp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:567:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.sp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:570:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,(long)var->val.ip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:582:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(tp,att_sng,char_foo);
data/nco-4.9.5/src/nco++/ncap2_att.cc:589:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.bp[att_lmn], (att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:592:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.ubp[att_lmn], (att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:595:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.usp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:598:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.uip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:601:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.i64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:604:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.ui64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:607:68: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ; att_lmn++) { (void)sprintf(tp,att_sng,var->val.sngp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_utl.cc:555:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(var_nm, var_vtr[idx]->getVar().c_str());
data/nco-4.9.5/src/nco++/ncoTree.cpp:1180:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tsng, str->getText().c_str());
data/nco-4.9.5/src/nco++/ncoTree.cpp:1212:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tsng, str1->getText().c_str());
data/nco-4.9.5/src/nco++/prs_cls.cc:671:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_cmn->nm, dmn_out_vtr[idx]->nm);
data/nco-4.9.5/src/nco/ncap_utl.c:204:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(ncap_err_sng,"Warning: Variable %s has aleady been saved in %s",var->nm,((prs_sct *)prs_arg)->fl_out);
data/nco-4.9.5/src/nco/ncecat.c:794:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gpe_arg,grp_out);
data/nco-4.9.5/src/nco/ncecat.c:795:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(gpe_arg,grp_out_sfx);
data/nco-4.9.5/src/nco/ncecat.c:796:28: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(gpe->edt) (void)strcat(gpe_arg,gpe->edt);
data/nco-4.9.5/src/nco/ncks.c:698:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rec_dmn_nm=strcpy(rec_dmn_nm,fix_pfx);
data/nco-4.9.5/src/nco/ncks.c:699:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
rec_dmn_nm=strcat(rec_dmn_nm,optarg);
data/nco-4.9.5/src/nco/ncks.c:1384:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(nco_dbg_lvl > nco_dbg_std) (void)sprintf(smr_xtn_sng," (representation of extended/underlying filetype %s)",nco_fmt_xtn_sng(nco_fmt_xtn_get())); else smr_xtn_sng[0]='\0';
data/nco-4.9.5/src/nco/ncks.c:1385:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(smr_sng,"Summary of %s: filetype = %s%s, %i groups (max. depth = %i), %i dimensions (%i fixed, %i record), %i variables (%i atomic, %i user-defined types), %i attributes (%i global, %i group, %i variable)",fl_in,nco_fmt_sng(fl_in_fmt),smr_xtn_sng,grp_nbr_fl,grp_dpt_fl,trv_tbl->nbr_dmn,trv_tbl->nbr_dmn-dmn_rec_fl,dmn_rec_fl,var_nbr_fl,var_nbr_fl-var_udt_fl,var_udt_fl,att_glb_nbr+att_grp_nbr+att_var_nbr,att_glb_nbr,att_grp_nbr,att_var_nbr);
data/nco-4.9.5/src/nco/nco_att_utl.c:394:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aed.att_nm,att_nm_tmp);
data/nco-4.9.5/src/nco/nco_att_utl.c:470:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aed.att_nm,nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_att_utl.c:875:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
fl_in_lst_sng=strcat(fl_in_lst_sng,fl_lst_in[fl_idx]);
data/nco-4.9.5/src/nco/nco_att_utl.c:876:42: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(fl_idx != fl_nbr-1) fl_in_lst_sng=strcat(fl_in_lst_sng,spc_sng);
data/nco-4.9.5/src/nco/nco_att_utl.c:972:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(hst_sng,hst_sng_fmt,fl_in,att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:992:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(hst_sng,hst_sng_fmt,fl_in,att_nm,hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:1011:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(prv_new,"%s: %s",time_stamp_sng,hst_sng);
data/nco-4.9.5/src/nco/nco_att_utl.c:1013:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(att_nm,att_nm_prv);
data/nco-4.9.5/src/nco/nco_att_utl.c:1033:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(prv_new,"%s: %s%s",time_stamp_sng,hst_sng,prv_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:1097:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(hst_new,"%s: %s",time_stamp_sng,hst_sng);
data/nco-4.9.5/src/nco/nco_att_utl.c:1099:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(att_nm,att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:1119:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(hst_new,"%s: %s\n%s",time_stamp_sng,hst_sng,hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:1510:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(obj_nm,rnm_att->old_nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1627:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(grp_nm_fll_out,gpe->nm_cnn);
data/nco-4.9.5/src/nco/nco_att_utl.c:1628:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
grp_nm_fll_out=strcat(grp_nm_fll_out,grp_out);
data/nco-4.9.5/src/nco/nco_att_utl.c:1643:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(grp_nm_fll_out,gpe->nm_cnn);
data/nco-4.9.5/src/nco/nco_att_utl.c:1644:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
grp_nm_fll_out=strcat(grp_nm_fll_out,grp_nm_fll_in);
data/nco-4.9.5/src/nco/nco_att_utl.c:1666:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(grp_nm_fll_out,grp_out);
data/nco-4.9.5/src/nco/nco_att_utl.c:1667:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
grp_nm_fll_out=strcat(grp_nm_fll_out,gpe->nm_cnn);
data/nco-4.9.5/src/nco/nco_att_utl.c:1813:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gpe->nm_cnn+1L,gpe->nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1825:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gpe->nm_cnn,gpe->nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1958:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
vrs_sng_xtn=strcat(vrs_sng_xtn,vrs_pfx);
data/nco-4.9.5/src/nco/nco_att_utl.c:1959:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
vrs_sng_xtn=strcat(vrs_sng_xtn,vrs_sng);
data/nco-4.9.5/src/nco/nco_att_utl.c:1960:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
vrs_sng_xtn=strcat(vrs_sng_xtn,vrs_sfx);
data/nco-4.9.5/src/nco/nco_aux.c:77:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_lat,var_nm);
data/nco-4.9.5/src/nco/nco_aux.c:83:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_lon,var_nm);
data/nco-4.9.5/src/nco/nco_aux.c:327:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nm_dmn,dmn_nm);
data/nco-4.9.5/src/nco/nco_cln_utl.c:202:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff,"%s%s", bdate,btime);
data/nco-4.9.5/src/nco/nco_cln_utl.c:949:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lcl_unt_sng,val_unt_sng);
data/nco-4.9.5/src/nco/nco_cln_utl.c:960:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lcl_unt_sng,ptr);
data/nco-4.9.5/src/nco/nco_cln_utl.c:1005:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(fl_bs_sng,"%s",tmp_sng) != 1) return NCO_ERR;
data/nco-4.9.5/src/nco/nco_cln_utl.c:1013:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(sscanf(fl_unt_sng,"%s",tmp_sng) == 1) unt_tm_typ=nco_cln_get_tm_typ(tmp_sng);
data/nco-4.9.5/src/nco/nco_cln_utl.c:1124:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfr,unt_sng);
data/nco-4.9.5/src/nco/nco_cln_utl.h:39:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef snprintf
data/nco-4.9.5/src/nco/nco_cln_utl.h:41:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/nco-4.9.5/src/nco/nco_cln_utl.h:41:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/nco-4.9.5/src/nco/nco_cnv_csm.c:237:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(wrn_sng,"Most, but not all, CCM/CCSM/CF files which are in CCM format contain the fields \"nbdate\", \"time\", and \"date\". When the \"date\" field is present but either \"nbdate\" or \"time\" is missing, then %s is unable to construct a meaningful average \"date\" to store in the output file. Therefore the \"date\" variable in your output file may be meaningless.\n",nco_prg_nm_get());
data/nco-4.9.5/src/nco/nco_cnv_csm.c:571:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(aed.val.cp,dmn_rdc[dmn_mch[dmn_idx_mch]]->nm);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:575:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(aed.val.cp,att_op_sng);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:678:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_val,aed.val.cp);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:700:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(aed.val.cp,sbs_ptr+dmn_sng_lng);
data/nco-4.9.5/src/nco/nco_ctl.c:574:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbr_sng,nc_inq_libvers());
data/nco-4.9.5/src/nco/nco_fl_utl.c:328:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(cmd_cp,cmd_cp_fmt,fl_src_cdl,fl_dst_cdl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:329:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd=system(cmd_cp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:493:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(fl_dmm,"%s%s%ld",nco_prg_nm_get(),tmp_sng_1,(long)pid);
data/nco-4.9.5/src/nco/nco_fl_utl.c:594:18: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
while(((cnv_nbr=fscanf(fp_in,fmt_sng,bfr_in)) != EOF) && (fl_lst_in_lng < FL_LST_IN_MAX_LNG)){
data/nco-4.9.5/src/nco/nco_fl_utl.c:745:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_nm_lcl,fl_pth_lcl_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:824:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_nm_lcl,fl_pth_lcl_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:847:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_nm_lcl,fl_pth_lcl_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:885:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_nm_lcl,fl_pth_lcl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:887:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(fl_nm_lcl,fl_nm_stub);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1001:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
fl_nm_netrc=(char *)strcat(fl_nm_netrc,fl_stb_netrc);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1048:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(host_nm_lcl,_res.defdname);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1054:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(usr_email,"%s@%s",usr_nm,host_nm_lcl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1062:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(fmt_ftp,fmt_ftp_netrc_tpl,ftp_cmd_netrc,host_nm_rmt,"%s","%s");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1066:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(fmt_ftp,fmt_ftp_anonymous_tpl,ftp_cmd_anonymous,host_nm_rmt,usr_email,"%s","%s");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1154:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd_stt=system("which hsi"); /* Generic location on user's PATH */
data/nco-4.9.5/src/nco/nco_fl_utl.c:1212:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(cmd_sys,cmd_mkdir);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1214:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(cmd_sys,fl_pth_lcl_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1215:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd_sys=system(cmd_sys);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1232:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(cmd_sys,rmt_cmd->fmt,fl_nm_lcl,fl_nm_rmt);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1234:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(cmd_sys,rmt_cmd->fmt,fl_nm_rmt,fl_nm_lcl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1239:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd_sys=system(cmd_sys);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1362:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(cmd_mv,cmd_mv_fmt,fl_src_cdl,fl_dst_cdl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1363:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd_sys=system(cmd_mv);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1507:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(fl_nm_nbr_sng,fl_nm_nbr_sng_fmt,yyyy_crr,mm_crr);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1510:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(fl_nm_nbr_sng,fl_nm_nbr_sng_fmt,fl_nm_nbr_crr);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1513:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(fl_nm_nbr_sng,fl_nm_nbr_sng_fmt,fl_nm_nbr_crr);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1530:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_nm,fl_pth);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1550:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(fl_nm,fl_nm_stub);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1764:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(fl_out_tmp,"%s.%s%s.%s.%s",fl_out,tmp_sng_1,pid_sng,nco_prg_nm_get(),tmp_sng_2);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1788:20: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
fl_out_tmp_sys=strcat(fl_out_tmp_sys,fl_out);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1794:22: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
fl_out_hnd=creat(mktemp(fl_out_tmp_sys),0600);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1811:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(fl_out_tmp,fl_out);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1986:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(rm_cmd,"%s %s",rm_cmd_sys_dep,fl_nm);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1989:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd=system(rm_cmd);
data/nco-4.9.5/src/nco/nco_grp_trv.c:309:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_grp_trv.c:897:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_trv.c:901:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_grp_trv.c:932:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nm_fll_sfx,grp_nm_fll_prn);
data/nco-4.9.5/src/nco/nco_grp_trv.c:934:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nm_fll_sfx,trv_tbl->lst[tbl_idx].nm);
data/nco-4.9.5/src/nco/nco_grp_trv.c:935:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nm_fll_sfx,trv_tbl->nsm_sfx);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1353:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf_lst_var_nm_fll,cf_lst_var);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1358:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf_lst_var_nm_fll,var_trv->grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1359:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cf_lst_var_nm_fll, cf_lst_var+(size_t)1);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1364:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf_lst_var_nm_fll,var_trv->grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1368:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cf_lst_var_nm_fll,cf_lst_var+(size_t)2);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1373:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf_lst_var_nm_fll,var_trv->grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1374:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(var_trv->grp_nm_fll,sls_sng)) strcat(cf_lst_var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1375:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cf_lst_var_nm_fll,cf_lst_var);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1387:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cf_lst_var_nm_fll,var_trv->grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1388:49: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(var_trv->grp_nm_fll,sls_sng)) strcat(cf_lst_var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1389:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cf_lst_var_nm_fll,cf_lst_var);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1410:53: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(var_trv->grp_nm_fll,sls_sng)) strcat(cf_lst_var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1411:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cf_lst_var_nm_fll,cf_lst_var);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1573:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_nm_fll,var_trv.grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1574:52: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(var_trv.grp_nm_fll,sls_sng)) strcat(dmn_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1575:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dmn_nm_fll,dmn_nm_grp);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1602:56: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(var_trv.grp_nm_fll,sls_sng)) strcat(dmn_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1603:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dmn_nm_fll,dmn_nm_grp);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1782:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grp_fll_sls,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1825:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grp_fll_sls,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2588:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2591:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2594:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2759:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2762:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(dmn_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2765:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dmn_nm_fll,dmn_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2807:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2810:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2813:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gpe_var_nm_fll,grp_out_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3599:35: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_out_fll,sls_sng)) strcat(gpe_var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3600:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gpe_var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:4663:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm,var_trv->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:4681:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_cmn[idx_dmn].nm,crd->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:4689:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_cmn[idx_dmn].nm,dmn_trv->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5030:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_nm_fll_out,grp_dmn_out_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5032:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dmn_nm_fll_out,dmn_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5180:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*dmn_cmn_out)[nbr_dmn_out_tmp].nm,dmn_cmn[idx_dmn].nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5234:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dmn_cmn[0].nm,rec_dmn_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:6047:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm,var_trv->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8081:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(units,trv_tbl->lst[idx_tbl].var_dmn[dmn_idx_fnd].lat_crd[0].units);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8479:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(trv_tbl->lst[idx_crd].var_dmn[idx_dmn].lat_crd[nbr_lat_crd-1].units,units_lat);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8536:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(trv_tbl->lst[idx_crd].var_dmn[idx_dmn].lon_crd[nbr_lon_crd-1].units,units_lat);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8628:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(crd_trv->var_dmn[idx_dmn].lat_crd[nbr_lat_crd-1].units,units_lat);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8673:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(crd_trv->var_dmn[idx_dmn].lon_crd[nbr_lon_crd-1].units,units_lon);
data/nco-4.9.5/src/nco/nco_grp_utl.c:9174:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grp_nm_fll,trv_tbl->nsm[idx_nsm].grp_nm_fll_prn);
data/nco-4.9.5/src/nco/nco_grp_utl.c:9176:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10276:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grp_nm_fll,trv_tbl->nsm[idx_nsm].grp_nm_fll_prn);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10278:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10339:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpl_dmn_nm,var_tpl_trv[idx_tpl]->var_dmn[idx_dmn].crd->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10346:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpl_dmn_nm,var_tpl_trv[idx_tpl]->var_dmn[idx_dmn].ncd->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10763:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(aed.val.cp,grp_out_fll);
data/nco-4.9.5/src/nco/nco_lst_utl.c:99:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(fmt_sng_new+mch_psn_srt,"%%s");
data/nco-4.9.5/src/nco/nco_lst_utl.c:100:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(fmt_sng_new+mch_psn_srt+2,"%s",fmt_sng+mch_psn_end+1);
data/nco-4.9.5/src/nco/nco_lst_utl.c:786:40: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sng=(sng_lst[lmn] == NULL) ? sng : strcat(sng,sng_lst[lmn]);
data/nco-4.9.5/src/nco/nco_lst_utl.c:787:47: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(lmn != lmn_nbr-1L && dlm_lng != 0) sng=strcat(sng,dlm_sng);
data/nco-4.9.5/src/nco/nco_map.c:2282:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(idx_sng,idx_sng_fmt,idx_min+1UL);
data/nco-4.9.5/src/nco/nco_map.c:2285:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(idx_sng,idx_sng_fmt,idx_max+1UL);
data/nco-4.9.5/src/nco/nco_map.c:2299:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(idx_sng,idx_sng_fmt,idx+1UL);
data/nco-4.9.5/src/nco/nco_mmr.c:367:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rcd_sys=fscanf
data/nco-4.9.5/src/nco/nco_mmr.c:421:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(prc_stt_sng,prc_stt_fmt_out,prc_stt->pid,prc_stt->comm,prc_stt->state,prc_stt->ppid,prc_stt->pgrp,prc_stt->session,prc_stt->tty_nr,prc_stt->tpgid,prc_stt->flags,prc_stt->minflt,prc_stt->cminflt,prc_stt->majflt,prc_stt->cmajflt,prc_stt->utime,prc_stt->stime,prc_stt->cutime,prc_stt->cstime,prc_stt->priority,prc_stt->nice,prc_stt->num_threads,prc_stt->itrealvalue,prc_stt->starttime,prc_stt->vsize,prc_stt->rss,prc_stt->rlim,prc_stt->startcode,prc_stt->endcode,prc_stt->startstack,prc_stt->kstkesp,prc_stt->kstkeip,prc_stt->signal,prc_stt->blocked,prc_stt->sigignore,prc_stt->sigcatch,prc_stt->wchan,prc_stt->nswap,prc_stt->cnswap,prc_stt->exit_signal,prc_stt->processor,prc_stt->rt_priority,prc_stt->policy,prc_stt->delayacct_blkio_ticks);
data/nco-4.9.5/src/nco/nco_mmr.c:460:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rcd_sys=fscanf
data/nco-4.9.5/src/nco/nco_mmr.c:479:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(prc_stm_sng,prc_stm_fmt_out,prc_stm->size,prc_stm->resident,prc_stm->share,prc_stm->text,prc_stm->lib,prc_stm->data,prc_stm->dt);
data/nco-4.9.5/src/nco/nco_msa.c:1304:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm,var_trv->nm);
data/nco-4.9.5/src/nco/nco_mss_val.c:98:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_FLOAT: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.fp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:99:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_DOUBLE: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.dp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:100:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_SHORT: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.sp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:101:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.ip[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:102:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_CHAR: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.cp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:103:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_BYTE: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.bp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:104:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UBYTE: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.ubp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:105:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_USHORT: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.usp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:106:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.uip[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:107:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT64: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.i64p[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:108:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT64: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.ui64p[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:109:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_STRING: (void)sprintf(mss_val_1_sng,fmt_sng,var1->mss_val.sngp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:114:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_FLOAT: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.fp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:115:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_DOUBLE: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.dp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:116:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_SHORT: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.sp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:117:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.ip[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:118:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_CHAR: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.cp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:119:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_BYTE: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.bp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:120:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UBYTE: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.ubp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:121:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_USHORT: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.usp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:122:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.uip[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:123:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT64: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.i64p[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:124:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT64: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.ui64p[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:125:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_STRING: (void)sprintf(mss_val_2_sng,fmt_sng,var2->mss_val.sngp[0]); break;
data/nco-4.9.5/src/nco/nco_mss_val.c:364:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa,"%s: WARNING Variable %s has attribute \"%s\" but not \"%s\". To comply with netCDF conventions, NCO ignores values that equal the %s attribute when performing arithmetic.",nco_prg_nm_get(),var->nm,nco_not_mss_val_sng_get(),nco_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mss_val.c:365:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa1," Confusingly, values equal to the missing_value should also be neglected. However, it is tedious and (possibly) computationally expensive to check each value against multiple missing values during arithmetic on large variables. So NCO thinks that processing variables with a \"%s\" attribute and no \"%s\" attribute may produce undesired arithmetic results (i.e., where values that were intended to be neglected were not, in fact, neglected).",nco_not_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mss_val.c:366:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa2, " We suggest you rename all \"%s\" attributes to \"%s\" or include both \"%s\" and \"%s\" attributes (with the _same values_) for all variables that have either attribute. Because it is long, this message is only printed once per operator even though multiple variables may have the same attribute configuration. More information on missing values is given at:\nhttp://nco.sf.net/nco.html#mss_val\nExamples of renaming attributes are at:\nhttp://nco.sf.net/nco.html#xmp_ncrename\nExamples of creating and deleting attributes are at:\nhttp://nco.sf.net/nco.html#xmp_ncatted\n",nco_not_mss_val_sng_get(),nco_mss_val_sng_get(),nco_not_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mss_val.c:435:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa,"%s: WARNING Variable %s has attribute \"%s\" but not \"%s\". To comply with netCDF conventions, NCO ignores values that equal the %s attribute when performing arithmetic.",nco_prg_nm_get(),var_nm,nco_not_mss_val_sng_get(),nco_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mss_val.c:436:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa1," Confusingly, values equal to the missing_value should also be neglected. However, it is tedious and (possibly) computationally expensive to check each value against multiple missing values during arithmetic on large variables. So NCO thinks that processing variables with a \"%s\" attribute and no \"%s\" attribute may produce undesired arithmetic results (i.e., where values that were intended to be neglected were not, in fact, neglected).",nco_not_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mss_val.c:437:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sa2, " We suggest you rename all \"%s\" attributes to \"%s\" or include both \"%s\" and \"%s\" attributes (with the _same values_) for all variables that have either attribute. Because it is long, this message is only printed once per operator even though multiple variables may have the same attribute configuration. More information on missing values is given at:\nhttp://nco.sf.net/nco.html#mss_val\nExamples of renaming attributes are at:\nhttp://nco.sf.net/nco.html#xmp_ncrename\nExamples of creating and deleting attributes are at:\nhttp://nco.sf.net/nco.html#xmp_ncatted\n",nco_not_mss_val_sng_get(),nco_mss_val_sng_get(),nco_not_mss_val_sng_get(),nco_mss_val_sng_get());
data/nco-4.9.5/src/nco/nco_mta.c:320:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(value) temp_value= strcat(temp_value,value);
data/nco-4.9.5/src/nco/nco_mta.c:354:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sng_fnl+cpy_ctr,sng_lst[sng_idx]);
data/nco-4.9.5/src/nco/nco_mta.c:355:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(sng_idx<sng_nbr-1) strcpy(sng_fnl+cpy_ctr+tmp_lng,nco_mta_dlm);
data/nco-4.9.5/src/nco/nco_ply_lst.c:1014:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mem_lst[thr_idx].kd_list[jdx].dbg_sng, "lret=%d in_sng=%s lret2=%d out_sng=%s\n",lret, in_sng, lret2, out_sng);
data/nco-4.9.5/src/nco/nco_ppc.c:290:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sng2mch,var_nm);
data/nco-4.9.5/src/nco/nco_prn.c:113:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(flg_glb) (void)strcpy(src_sng,(CDL) ? "" : "Global"); else (void)strcpy(src_sng,(CDL) ? "" : "Group");
data/nco-4.9.5/src/nco/nco_prn.c:113:73: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(flg_glb) (void)strcpy(src_sng,(CDL) ? "" : "Global"); else (void)strcpy(src_sng,(CDL) ? "" : "Group");
data/nco-4.9.5/src/nco/nco_prn.c:312:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sng_foo,"%u%s",prm_lst[prm_idx],(prm_idx == prm_nbr-1) ? "" : ",");
data/nco-4.9.5/src/nco/nco_prn.c:313:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(val_hdn_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:542:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_pln,"%s",cls_typ <= NC_MAX_ATOMIC_TYPE ? nco_typ_fmt_sng_att_cdl(bs_typ) : nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:543:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_dlm,"%s%%s",cls_typ <= NC_MAX_ATOMIC_TYPE ? nco_typ_fmt_sng_att_cdl(bs_typ) : nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:545:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_pln,"%s", nco_typ_fmt_sng_att_xml(bs_typ) );
data/nco-4.9.5/src/nco/nco_prn.c:546:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_dlm,"%s%%s", nco_typ_fmt_sng_att_xml(bs_typ) );
data/nco-4.9.5/src/nco/nco_prn.c:548:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_pln,"%s", nco_typ_fmt_sng_att_jsn(bs_typ) );
data/nco-4.9.5/src/nco/nco_prn.c:549:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_dlm,"%s%%s", nco_typ_fmt_sng_att_jsn(bs_typ) );
data/nco-4.9.5/src/nco/nco_prn.c:551:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_pln,"%s", nco_typ_fmt_sng(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:552:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_sng_dlm,"%s%%s", nco_typ_fmt_sng(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:559:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,att_sng_pln,val_flt);
data/nco-4.9.5/src/nco/nco_prn.c:571:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,att_sng_pln,val_dbl);
data/nco-4.9.5/src/nco/nco_prn.c:579:52: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,(long)att[idx].val.ip[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:580:54: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.sp[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:598:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sng_val_sng,(CDL ? chr2sng_cdl(chr_val,val_sng) : XML ? chr2sng_xml(chr_val,val_sng) : chr2sng_jsn(chr_val,val_sng)));
data/nco-4.9.5/src/nco/nco_prn.c:599:56: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(chr_val == '\n' && lmn != att_szm1 && CDL) (void)sprintf(sng_val_sng,"%s\",\n%*s\"",sng_val_sng_cpy,prn_ndn+prn_flg->var_fst,spc_sng);
data/nco-4.9.5/src/nco/nco_prn.c:612:53: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.bp[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:613:54: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.ubp[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:614:55: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.usp[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:615:53: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.uip[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:616:54: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.i64p[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:617:55: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: for(lmn=0;lmn<att_sz;lmn++) (void)fprintf(fp_out,att_sng_dlm,att[idx].val.ui64p[lmn],(lmn != att_szm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:633:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sng_val_sng,(CDL ? chr2sng_cdl(chr_val,val_sng) : XML ? chr2sng_xml(chr_val,val_sng) : chr2sng_jsn(chr_val,val_sng)));
data/nco-4.9.5/src/nco/nco_prn.c:640:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(fp_out,att_sng_dlm,att[idx].val.sngp[lmn],(lmn != att_szm1) ? spr_sng : "");
data/nco-4.9.5/src/nco/nco_prn.c:674:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,att_sng_pln,val_flt);
data/nco-4.9.5/src/nco/nco_prn.c:687:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,att_sng_pln,val_dbl);
data/nco-4.9.5/src/nco/nco_prn.c:695:62: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,(long)vln_val_ip[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:696:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_sp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:699:63: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_bp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:700:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_ubp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:701:65: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_usp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:702:63: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_uip[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:703:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_i64p[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:704:65: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,att_sng_dlm,vln_val_ui64p[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:1124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dlm_sng,"%s",nco_typ_fmt_sng_var_cdl(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:1154:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(fp_out,fmt_sng_mss_val,mss_val_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1160:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,dlm_sng,var->val.fp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1161:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,dlm_sng,var->val.dp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1162:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,dlm_sng,var->val.sp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1163:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,dlm_sng,var->val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1164:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(fp_out,dlm_sng,var->val.cp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1165:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,dlm_sng,var->val.bp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1166:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,dlm_sng,var->val.ubp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1167:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,dlm_sng,var->val.usp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1168:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,dlm_sng,var->val.uip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1169:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,dlm_sng,var->val.i64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1170:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,dlm_sng,var->val.ui64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1171:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,dlm_sng,var->val.sngp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1383:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(stdout,dlm_sng,var.val.fp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1384:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(stdout,dlm_sng,var.val.dp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1385:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(stdout,dlm_sng,var.val.sp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1386:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(stdout,dlm_sng,var.val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1387:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(stdout,dlm_sng,var.val.cp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1388:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(stdout,dlm_sng,var.val.bp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1389:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(stdout,dlm_sng,var.val.ubp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1390:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(stdout,dlm_sng,var.val.usp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1391:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(stdout,dlm_sng,var.val.uip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1392:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(stdout,dlm_sng,var.val.i64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1393:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(stdout,dlm_sng,var.val.ui64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1394:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(stdout,dlm_sng,var.val.sngp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1404:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s = %s %%s\n",nco_typ_fmt_sng(var.type));
data/nco-4.9.5/src/nco/nco_prn.c:1406:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(stdout,var_sng,var_nm,var.val.fp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1407:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(stdout,var_sng,var_nm,var.val.dp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1408:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(stdout,var_sng,var_nm,var.val.sp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1409:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(stdout,var_sng,var_nm,var.val.ip[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1411:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s='%s' %%s\n",nco_typ_fmt_sng(var.type));
data/nco-4.9.5/src/nco/nco_prn.c:1412:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,var_sng,var_nm,var.val.cp[lmn],unit_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1414:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(stdout,var_sng,var_nm,var.val.bp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1415:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(stdout,var_sng,var_nm,var.val.ubp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1416:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(stdout,var_sng,var_nm,var.val.usp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1417:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(stdout,var_sng,var_nm,var.val.uip[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1418:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(stdout,var_sng,var_nm,var.val.i64p[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1419:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(stdout,var_sng,var_nm,var.val.ui64p[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1420:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(stdout,var_sng,var_nm,var.val.sngp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1514:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(dmn_sng,"%%s%c%%ld%c=%s ",arr_lft_dlm,arr_rgt_dlm,nco_typ_fmt_sng(dim[dmn_idx].type));
data/nco-4.9.5/src/nco/nco_prn.c:1518:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.fp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1519:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.dp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1520:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.sp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1521:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1522:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.cp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1523:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.bp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1524:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ubp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1525:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.usp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1526:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.uip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1527:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.i64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1528:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ui64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1529:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.sngp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:1533:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(dmn_sng,"%%s%c%%ld%c ",arr_lft_dlm,arr_rgt_dlm);
data/nco-4.9.5/src/nco/nco_prn.c:1534:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn);
data/nco-4.9.5/src/nco/nco_prn.c:1542:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s%c%%ld%c=%s %%s\n",arr_lft_dlm,arr_rgt_dlm,nco_typ_fmt_sng(var.type));
data/nco-4.9.5/src/nco/nco_prn.c:1551:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s%c%%ld--%%ld%c=\"%%s\" %%s",arr_lft_dlm,arr_rgt_dlm);
data/nco-4.9.5/src/nco/nco_prn.c:1553:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,var_sng,var_nm,idx_crr,idx_crr+strlen((char *)var.val.cp+lmn),(char *)var.val.cp+lmn,unit_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1559:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s%c%%ld--%%ld%c='%s' %%s",arr_lft_dlm,arr_rgt_dlm,dmn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1560:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,var_sng,var_nm,idx_crr,idx_crr+dmn_cnt[var.nbr_dim-1]-1L,var.val.cp+lmn,unit_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1571:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.fp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1572:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.dp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1573:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.sp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1574:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.ip[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1575:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.cp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1576:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.bp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1577:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.ubp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1578:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.usp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1579:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.uip[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1580:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.i64p[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1581:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.ui64p[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1582:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(stdout,var_sng,var_nm,idx_crr,var.val.sngp[lmn],unit_sng); break;
data/nco-4.9.5/src/nco/nco_prn.c:1796:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->xml) (void)sprintf(dmn_sng," shape=\"%s\"",(cls_typ == NC_VLEN ? "*" : "" ));
data/nco-4.9.5/src/nco/nco_prn.c:1798:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sz_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:1802:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sng_foo,"%s%s%s",(dmn_idx == 0) ? " shape=\"" : "",var_trv->var_dmn[dmn_idx].dmn_nm,(dmn_idx < dmn_nbr-1) ? " " : (cls_typ == NC_VLEN ? " *\"" : "\""));
data/nco-4.9.5/src/nco/nco_prn.c:1806:30: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(dmn_idx==0) (void)sprintf(dmn_sng,"%*s\"shape\": [", prn_ndn+prn_flg->sxn_fst,spc_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1807:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sng_foo,"\"%s\"%s",nm_jsn,(dmn_idx < dmn_nbr-1) ? ", " : "],");
data/nco-4.9.5/src/nco/nco_prn.c:1811:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sng_foo,"%s%s%s",(dmn_idx == 0) ? "(" : "",nm_cdl,(dmn_idx < dmn_nbr-1) ? "," : ")");
data/nco-4.9.5/src/nco/nco_prn.c:1814:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(dmn_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:1819:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sz_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:1828:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sz_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:1830:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(sng_foo,"sizeof(%s)",nco_typ_sng(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:1831:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sz_sng,sng_foo);
data/nco-4.9.5/src/nco/nco_prn.c:2182:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(strcmp(dlm_sng,fmt_sng_mss_val)) (void)fprintf(fp_out,fmt_sng_mss_val,mss_val_sng); else (void)fprintf(fp_out,"%s, ",mss_val_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2185:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,dlm_sng,var->val.fp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2186:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,dlm_sng,var->val.dp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2187:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,dlm_sng,var->val.sp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2188:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,dlm_sng,var->val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2189:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(fp_out,dlm_sng,var->val.cp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2190:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,dlm_sng,var->val.bp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2191:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,dlm_sng,var->val.ubp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2192:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,dlm_sng,var->val.usp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2193:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,dlm_sng,var->val.uip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2194:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,dlm_sng,var->val.i64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2195:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,dlm_sng,var->val.ui64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2196:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,dlm_sng,var->val.sngp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2216:72: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2216:114: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2220:72: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_att_xml(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2220:114: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_att_xml(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2224:72: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_att_jsn(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2224:114: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(fmt_val && (bs_typ == NC_FLOAT || bs_typ == NC_DOUBLE)) (void)sprintf(fmt_sng,"%s",fmt_val); else (void)sprintf(fmt_sng,"%s",nco_typ_fmt_sng_att_jsn(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:2355:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(val_sng,"%s",mss_val_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2361:21: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,val_flt);
data/nco-4.9.5/src/nco/nco_prn.c:2370:21: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,val_dbl);
data/nco-4.9.5/src/nco/nco_prn.c:2376:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_SHORT: (void)sprintf(val_sng,fmt_sng,var->val.sp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2377:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT: (void)sprintf(val_sng,fmt_sng,var->val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2401:58: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(chr_val == '\n' && lmn != var_szm1) (void)sprintf(sng_val_sng,"%s\",\n%*s\"",sng_val_sng_cpy,prn_ndn+prn_flg->var_fst,spc_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2406:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_BYTE: (void)sprintf(val_sng,fmt_sng,var->val.bp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2407:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UBYTE: (void)sprintf(val_sng,fmt_sng,var->val.ubp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2408:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_USHORT: (void)sprintf(val_sng,fmt_sng,var->val.usp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2409:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT: (void)sprintf(val_sng,fmt_sng,var->val.uip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2410:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_INT64: (void)sprintf(val_sng,fmt_sng,var->val.i64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2411:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
case NC_UINT64: (void)sprintf(val_sng,fmt_sng,var->val.ui64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2423:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sng_val_sng,(*chr2sng_sf)(chr_val,val_sng));
data/nco-4.9.5/src/nco/nco_prn.c:2443:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(val_sng,"%s",mss_val_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2447:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,val_flt);
data/nco-4.9.5/src/nco/nco_prn.c:2460:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,val_dbl);
data/nco-4.9.5/src/nco/nco_prn.c:2474:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(is_mss_val) (void)sprintf(val_sng,"%s",mss_val_sng); else rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,(long)vln_val_ip[vln_idx]);
data/nco-4.9.5/src/nco/nco_prn.c:2474:77: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if(is_mss_val) (void)sprintf(val_sng,"%s",mss_val_sng); else rcd_prn=snprintf(val_sng,(size_t)NCO_ATM_SNG_LNG,fmt_sng,(long)vln_val_ip[vln_idx]);
data/nco-4.9.5/src/nco/nco_prn.c:2478:66: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_sp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2481:65: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_bp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2482:66: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_ubp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2483:67: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_usp[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2484:65: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_uip[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2485:66: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_i64p[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2486:67: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: for(vln_idx=0;vln_idx<vln_lng;vln_idx++) (void)fprintf(fp_out,fmt_sng,vln_val_ui64p[vln_idx],(vln_idx != vln_lngm1) ? spr_sng : ""); break;
data/nco-4.9.5/src/nco/nco_prn.c:2542:73: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(nco_dbg_lvl_get() >= nco_dbg_std && flg_malloc_unit_var) (void)sprintf(tmp_sng,"units=\"%s\"",unit_sng_var);
data/nco-4.9.5/src/nco/nco_prn.c:2561:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(var_sng,"%*s%%s = %s %%s\n",prn_ndn,spc_sng,nco_typ_fmt_sng(var->type)); else (void)sprintf(var_sng,"%*s%s\n",prn_ndn,spc_sng,nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2561:131: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(var_sng,"%*s%%s = %s %%s\n",prn_ndn,spc_sng,nco_typ_fmt_sng(var->type)); else (void)sprintf(var_sng,"%*s%s\n",prn_ndn,spc_sng,nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2567:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,var_sng,var_nm,var->val.fp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2568:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,var_sng,var_nm,var->val.dp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2569:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,var_sng,var_nm,var->val.sp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2570:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,var_sng,var_nm,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2573:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%*s%%s = '%s' %%s\n",prn_ndn,spc_sng,nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2574:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(fp_out,var_sng,var_nm,var->val.cp[lmn],unit_sng_var);
data/nco-4.9.5/src/nco/nco_prn.c:2579:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,var_sng,var_nm,(unsigned char)var->val.bp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2580:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,var_sng,var_nm,var->val.ubp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2581:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,var_sng,var_nm,var->val.usp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2582:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,var_sng,var_nm,var->val.uip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2583:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,var_sng,var_nm,var->val.i64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2584:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,var_sng,var_nm,var->val.ui64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2585:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,var_sng,var_nm,var->val.sngp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2586:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,var_sng,var_nm,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2591:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,var_sng,var->val.fp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2592:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,var_sng,var->val.dp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2593:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,var_sng,var->val.sp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2594:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,var_sng,var->val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2597:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"'%s'\n",nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2598:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(fp_out,var_sng,var->val.cp[lmn]);
data/nco-4.9.5/src/nco/nco_prn.c:2603:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,var_sng,(unsigned char)var->val.bp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2604:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,var_sng,var->val.ubp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2605:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,var_sng,var->val.usp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2606:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,var_sng,var->val.uip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2607:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,var_sng,var->val.i64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2608:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,var_sng,var->val.ui64p[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2609:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,var_sng,var->val.sngp[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2610:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,var_sng,var->val.ip[lmn]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2744:45: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(dmn_sng,"%*s%%s%s%%ld%s=%s ",(idx == 0) ? prn_ndn : 0,spc_sng,prn_flg->FORTRAN_IDX_CNV ? "(" : "[",prn_flg->FORTRAN_IDX_CNV ? ")" : "]",nco_typ_fmt_sng(dim[dmn_idx].type)); else (void)sprintf(dmn_sng,"%*s%s ",(idx == 0) ? prn_ndn : 0,spc_sng,nco_typ_fmt_sng(dim[dmn_idx].type));
data/nco-4.9.5/src/nco/nco_prn.c:2744:237: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(dmn_sng,"%*s%%s%s%%ld%s=%s ",(idx == 0) ? prn_ndn : 0,spc_sng,prn_flg->FORTRAN_IDX_CNV ? "(" : "[",prn_flg->FORTRAN_IDX_CNV ? ")" : "]",nco_typ_fmt_sng(dim[dmn_idx].type)); else (void)sprintf(dmn_sng,"%*s%s ",(idx == 0) ? prn_ndn : 0,spc_sng,nco_typ_fmt_sng(dim[dmn_idx].type));
data/nco-4.9.5/src/nco/nco_prn.c:2762:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.fp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2763:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.dp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2764:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.sp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2765:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2767:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(unit_cln_crd) (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,crd_sng_lgb); else (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.cp[crd_idx_crr]);
data/nco-4.9.5/src/nco/nco_prn.c:2767:107: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(unit_cln_crd) (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,crd_sng_lgb); else (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.cp[crd_idx_crr]);
data/nco-4.9.5/src/nco/nco_prn.c:2769:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,(unsigned char)dim[dmn_idx].val.bp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2770:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ubp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2771:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.usp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2772:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.uip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2773:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.i64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2774:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ui64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2775:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.sngp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2776:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].nm,dmn_sbs_prn,dim[dmn_idx].val.ip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2781:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.fp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2782:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.dp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2783:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.sp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2784:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.ip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2786:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(unit_cln_crd) (void)fprintf(fp_out,dmn_sng,crd_sng_lgb); else (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.cp[crd_idx_crr]);
data/nco-4.9.5/src/nco/nco_prn.c:2786:79: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(unit_cln_crd) (void)fprintf(fp_out,dmn_sng,crd_sng_lgb); else (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.cp[crd_idx_crr]);
data/nco-4.9.5/src/nco/nco_prn.c:2788:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,dmn_sng,(unsigned char)dim[dmn_idx].val.bp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2789:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.ubp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2790:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.usp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2791:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.uip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2792:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.i64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2793:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.ui64p[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2794:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.sngp[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2795:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,dmn_sng,dim[dmn_idx].val.ip[crd_idx_crr]); break;
data/nco-4.9.5/src/nco/nco_prn.c:2833:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s[%%ld--%%ld]=\"%%s\" %%s");
data/nco-4.9.5/src/nco/nco_prn.c:2835:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(var_sng,"%%s[%%ld--%%ld]='%%s' %%s");
data/nco-4.9.5/src/nco/nco_prn.c:2844:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(fp_out,var_sng,var_nm,var_dsk_srt,var_dsk_end,prn_sng,unit_sng_var);
data/nco-4.9.5/src/nco/nco_prn.c:2853:41: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(var_sng,"%*s%%s%s%%ld%s=%s %%s\n",(var_trv->is_crd_var) ? prn_ndn : 0,spc_sng,prn_flg->FORTRAN_IDX_CNV ? "(" : "[",prn_flg->FORTRAN_IDX_CNV ? ")" : "]",nco_typ_fmt_sng(var->type)); else (void)sprintf(var_sng,"%*s%s\n",(var_trv->is_crd_var) ? prn_ndn : 0,spc_sng,nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2853:241: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(prn_flg->PRN_DMN_VAR_NM) (void)sprintf(var_sng,"%*s%%s%s%%ld%s=%s %%s\n",(var_trv->is_crd_var) ? prn_ndn : 0,spc_sng,prn_flg->FORTRAN_IDX_CNV ? "(" : "[",prn_flg->FORTRAN_IDX_CNV ? ")" : "]",nco_typ_fmt_sng(var->type)); else (void)sprintf(var_sng,"%*s%s\n",(var_trv->is_crd_var) ? prn_ndn : 0,spc_sng,nco_typ_fmt_sng(var->type));
data/nco-4.9.5/src/nco/nco_prn.c:2864:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.fp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2865:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.dp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2866:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.sp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2867:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2868:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.cp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2869:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,(unsigned char)var->val.bp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2870:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.ubp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2871:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.usp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2872:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.uip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2873:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.i64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2874:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.ui64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2875:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.sngp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2876:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,var_sng,var_nm,var_dsk,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2881:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_FLOAT: (void)fprintf(fp_out,var_sng,var->val.fp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2882:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_DOUBLE: (void)fprintf(fp_out,var_sng,var->val.dp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2883:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,var_sng,var->val.sp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2884:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,var_sng,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2885:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_CHAR: (void)fprintf(fp_out,var_sng,var->val.cp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2886:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,var_sng,(unsigned char)var->val.bp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2887:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,var_sng,var->val.ubp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2888:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,var_sng,var->val.usp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2889:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,var_sng,var->val.uip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2890:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,var_sng,var->val.i64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2891:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,var_sng,var->val.ui64p[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2892:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_STRING: (void)fprintf(fp_out,var_sng,var->val.sngp[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:2893:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_VLEN: (void)fprintf(fp_out,var_sng,var->val.ip[lmn],unit_sng_var); break;
data/nco-4.9.5/src/nco/nco_prn.c:3114:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3117:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3120:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3270:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3273:38: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3276:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3317:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3320:38: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3323:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3500:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(enm_fmt,"%%s = %s",nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:3508:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.b); break;
data/nco-4.9.5/src/nco/nco_prn.c:3509:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.ub); break;
data/nco-4.9.5/src/nco/nco_prn.c:3510:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.s); break;
data/nco-4.9.5/src/nco/nco_prn.c:3511:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.us); break;
data/nco-4.9.5/src/nco/nco_prn.c:3512:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.i); break;
data/nco-4.9.5/src/nco/nco_prn.c:3513:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.ui); break;
data/nco-4.9.5/src/nco/nco_prn.c:3514:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.i64); break;
data/nco-4.9.5/src/nco/nco_prn.c:3515:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,enm_fmt,mbr_nm_cdl,enm_val.ui64); break;
data/nco-4.9.5/src/nco/nco_prn.c:3564:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3567:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3570:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3669:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3672:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3675:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3827:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(enm_fmt,"%*s<ncml:enum key=\"%s\">%%s</ncml:enum>\n",prn_ndn+prn_flg->spc_per_lvl,spc_sng,nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:3832:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,enm_fmt,enm_val.b,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3833:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,enm_fmt,enm_val.ub,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3834:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,enm_fmt,enm_val.s,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3835:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,enm_fmt,enm_val.us,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3836:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,enm_fmt,enm_val.i,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3837:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,enm_fmt,enm_val.ui,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3838:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,enm_fmt,enm_val.i64,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3839:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,enm_fmt,enm_val.ui64,mbr_nm); break;
data/nco-4.9.5/src/nco/nco_prn.c:3870:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3873:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3876:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_prn.c:3944:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:3947:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:3950:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_prn.c:4101:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(enm_fmt,"\"%%s\":%s",nco_typ_fmt_sng_var_cdl(bs_typ));
data/nco-4.9.5/src/nco/nco_prn.c:4108:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_BYTE: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.b); break;
data/nco-4.9.5/src/nco/nco_prn.c:4109:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UBYTE: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.ub); break;
data/nco-4.9.5/src/nco/nco_prn.c:4110:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_SHORT: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.s); break;
data/nco-4.9.5/src/nco/nco_prn.c:4111:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_USHORT: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.us); break;
data/nco-4.9.5/src/nco/nco_prn.c:4112:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.i); break;
data/nco-4.9.5/src/nco/nco_prn.c:4113:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.ui); break;
data/nco-4.9.5/src/nco/nco_prn.c:4114:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_INT64: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.i64); break;
data/nco-4.9.5/src/nco/nco_prn.c:4115:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case NC_UINT64: (void)fprintf(fp_out,enm_fmt,mbr_nm,enm_val.ui64); break;
data/nco-4.9.5/src/nco/nco_prn.c:4159:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:4162:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(var_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:4165:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(var_nm_fll,var_nm);
data/nco-4.9.5/src/nco/nco_prn.c:4264:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sub_grp_nm_fll,grp_nm_fll);
data/nco-4.9.5/src/nco/nco_prn.c:4267:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strcmp(grp_nm_fll,sls_sng)) strcat(sub_grp_nm_fll,sls_sng);
data/nco-4.9.5/src/nco/nco_prn.c:4270:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_grp_nm_fll,grp_nm);
data/nco-4.9.5/src/nco/nco_prn.c:4432:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if(isnan(val_flt)) (void)sprintf(val_sng,(prn_flg->jsn) ? "null" : "NaN");
data/nco-4.9.5/src/nco/nco_prn.c:4433:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if(isinf(val_flt)) (void)sprintf(val_sng,"%s",(prn_flg->jsn) ? "null" : (val_flt < 0.0f) ? "-Infinity" : "Infinity");
data/nco-4.9.5/src/nco/nco_prn.c:4448:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if(isnan(val_dbl)) (void)sprintf(val_sng,(prn_flg->jsn) ? "null" : "NaN");
data/nco-4.9.5/src/nco/nco_prn.c:4449:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if(isinf(val_dbl)) (void)sprintf(val_sng,"%s",(prn_flg->jsn) ? "null" : (val_dbl < 0.0) ? "-Infinity" : "Infinity");
data/nco-4.9.5/src/nco/nco_rgr.c:3946:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val_crd,"%s %s",lat_nm_out,lon_nm_out);
data/nco-4.9.5/src/nco/nco_rgr.c:3965:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val_cll_msr,"area: %s",area_nm_out);
data/nco-4.9.5/src/nco/nco_rgr.c:4308:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val,"%s, %s: sum",lat_dmn_nm_out,lon_dmn_nm_out);
data/nco-4.9.5/src/nco/nco_rgr.c:4317:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val,"%s, %s: sum",lat_dmn_nm_out,lon_dmn_nm_out);
data/nco-4.9.5/src/nco/nco_rgr.c:6033:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(cmd_rgr,cmd_rgr_fmt,lat_nbr_rqs,lon_nbr_rqs,fl_grd_dst_cdl);
data/nco-4.9.5/src/nco/nco_rgr.c:6034:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rcd_sys=system(cmd_rgr);
data/nco-4.9.5/src/nco/nco_rgr.c:9212:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(att_val,att_fmt,rgr->fl_in);
data/nco-4.9.5/src/nco/nco_rgr.c:9545:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(att_val,att_fmt);
data/nco-4.9.5/src/nco/nco_rgr.c:9572:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val,"%s %s",ndx_nm,ndy_nm);
data/nco-4.9.5/src/nco/nco_rgr.c:9579:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val,"%s %s",fcx_nm,fcy_nm);
data/nco-4.9.5/src/nco/nco_rgr.c:9587:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(att_val,"%s %s",dgx_nm,dgy_nm);
data/nco-4.9.5/src/nco/nco_sng_utl.c:154:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(sng_out) strcpy(sng_out,sng_in);
data/nco-4.9.5/src/nco/nco_sng_utl.c:195:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(cmd_ln,argv[0]);
data/nco-4.9.5/src/nco/nco_sng_utl.c:198:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(cmd_ln,argv[idx]);
data/nco-4.9.5/src/nco/nco_sng_utl.c:523:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(sng_val_sng,chr2sng_sf(chr_val,val_sng));
data/nco-4.9.5/src/nco/nco_sph.c:1797:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sq_sng, sq);
data/nco-4.9.5/src/nco/nco_uthash.h:283:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/nco-4.9.5/src/nco++/ncap2.cc:360:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco++/ncap2.cc:675:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((str_ptr=getenv("GSL_PREC_MODE"))) ncap_gsl_mode_prec=(int)strtol(str_ptr,(char **)NULL,NCO_SNG_CNV_BASE10);
data/nco-4.9.5/src/nco++/ncoLexer.hpp:75:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
spaths=getenv("NCO_PATH");
data/nco-4.9.5/src/nco/mpncbo.c:363:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/mpncecat.c:319:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/mpncflint.c:336:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/mpncpdq.c:343:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/mpncra.c:381:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/mpncwa.c:387:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncatted.c:292:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncbo.c:394:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncecat.c:390:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncflint.c:389:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncks.c:617:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/nco_getopt.c:57:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+';
data/nco-4.9.5/src/nco/nco_getopt.c:153:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+';
data/nco-4.9.5/src/nco/nco_getopt.h:76:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#undef getopt
data/nco-4.9.5/src/nco/nco_getopt.h:77:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt my_getopt
data/nco-4.9.5/src/nco/nco_getopt.h:78:8: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#undef getopt_long
data/nco-4.9.5/src/nco/nco_getopt.h:79:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt_long my_getopt_long
data/nco-4.9.5/src/nco/nco_mmr.c:100:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((nvr_NCO_MMR_DBG=getenv("NCO_MMR_DBG"))) ntg_NCO_MMR_DBG=(int)strtol(nvr_NCO_MMR_DBG,&sng_cnv_rcd,NCO_SNG_CNV_BASE10); /* [sng] Environment variable NCO_MMR_DBG */
data/nco-4.9.5/src/nco/nco_omp.c:92:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((nvr_OMP_NUM_THREADS=getenv("OMP_NUM_THREADS"))) ntg_OMP_NUM_THREADS=(int)strtol(nvr_OMP_NUM_THREADS,&sng_cnv_rcd,NCO_SNG_CNV_BASE10); /* [sng] Environment variable OMP_NUM_THREADS */
data/nco-4.9.5/src/nco/nco_rgr.c:6015:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
nvr_DATA_TEMPEST=getenv("DATA_TEMPEST");
data/nco-4.9.5/src/nco/nco_rth_flt.c:111:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/nco-4.9.5/src/nco/nco_rth_flt.c:115:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned)time(NULL));
data/nco-4.9.5/src/nco/nco_rth_flt.c:116:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rnd_nbr_lng=random();
data/nco-4.9.5/src/nco/ncpdq.c:396:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncra.c:512:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncrename.c:245:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco/ncwa.c:433:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt=getopt_long(argc,argv,opt_sht_lst,opt_lng,&opt_idx);
data/nco-4.9.5/src/nco++/Invoke.cc:238:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iret=atoi(strExit.getMessage().c_str());
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:512:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var->mss_val.vp, var->val.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:527:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var->mss_val.vp, var->val.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:544:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,var->mss_val.vp,slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:735:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_ret->val.vp, var->mss_val.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1068:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)msk_vp, (char*)var->val.dp, lat_sz * lon_sz * slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) msk_vp, (char *) var->val.dp, lat_sz * lon_sz * slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1279:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_miss->val.vp, var->mss_val.vp, nco_typ_lng(var->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1941:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_sng[200]={0};
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1942:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_new_sng[200]={0};
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1983:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(units_new_sng,"days since %d-01-01 00:00:00", lcl_tm_sct.year);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2356:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in,slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2416:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in ,slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2560:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_in->add_fst.vp,var_add_fst->val.vp,nco_typ_lng(var_in->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2566:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_in->scl_fct.vp,var_scl_fct->val.vp,nco_typ_lng(var_in->type));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2953:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out+(ptrdiff_t)(lp_mp[jdx]*slb_sz),cp_in,slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:2967:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in+(ptrdiff_t)(lp_mp[jdx]*slb_sz),slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:3560:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_ret->nm, "xyz%d", rand() );
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:3605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bnds_txt[100];
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:4695:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dpi,dpo, v_sz* sizeof(double));
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:4928:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NC_MAX_ATTRS];
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:4957:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp_out,cp_in, slb_sz*var_add->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5071:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1200];
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp_out, cp_miss_var, slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5480:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp_miss_weight, cp_miss_var, slb_sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5962:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char schar[200];
data/nco-4.9.5/src/nco++/ncap2.cc:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco++/ncap2.cc:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco++/ncap2.cc:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spt_arg[NCAP_SPT_NBR_MAX]; /* fxm: Arbitrary size, should be dynamic */
data/nco-4.9.5/src/nco++/ncap2.cc:363:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco++/ncap2.cc:558:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spt_arg_cat,";\n");
data/nco-4.9.5/src/nco++/ncap2.cc:564:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spt_arg_cat,";\n");
data/nco-4.9.5/src/nco++/ncap2.cc:706:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(fl_out) FL_OUT_NEW=True; else fl_out=(char *)strdup(fl_lst_in[0]);
data/nco-4.9.5/src/nco++/ncap2.cc:892:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((yyin=fopen(fl_spt_usr,"r")) == NULL_CEWI)
data/nco-4.9.5/src/nco++/ncap2.cc:1136:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<nbr_spt;idx++) spt_arg[idx]=(char *)nco_free(spt_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2.cc:1155:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2.cc:1158:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2.cc:1217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[20]={0};
data/nco-4.9.5/src/nco++/ncap2_att.cc:61:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100]={'\0'};
data/nco-4.9.5/src/nco++/ncap2_att.cc:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco++/ncap2_att.cc:348:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp,var->val.vp,var_typ_sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlm_sng[3];
data/nco-4.9.5/src/nco++/ncap2_att.cc:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco++/ncap2_att.cc:450:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(dlm_sng,", ");
data/nco-4.9.5/src/nco++/ncap2_att.cc:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlm_sng[3];
data/nco-4.9.5/src/nco++/ncap2_att.cc:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco++/ncap2_att.cc:548:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(dlm_sng,", ");
data/nco-4.9.5/src/nco++/ncap2_att.cc:654:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NC_MAX_NAME+1];
data/nco-4.9.5/src/nco++/ncap2_utl.cc:414:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_new_lst[idx].nm=(char *)strdup(xtr_lst[idx].nm);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:446:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_new_lst[xtr_nbr_new].nm=(char *)strdup(xtr_lst[idx].nm);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:484:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_new_lst[idx].nm=(char *)strdup(xtr_lst[idx].nm);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:500:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_new_lst[xtr_nbr_crr].nm=(char *)strdup(xtr_lst_a[idx].nm);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:518:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco++/ncap2_utl.cc:550:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco++/ncap2_utl.cc:788:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp,var_lsr_cp,var_lsr_typ_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:796:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp+var_gtr_lmn*var_lsr_typ_sz,var_lsr_cp,var_lsr_typ_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:866:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp+var_gtr_lmn*var_lsr_typ_sz,var_lsr_cp+var_lsr_lmn*var_lsr_typ_sz,var_lsr_typ_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2041:39: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
for(idx=0;idx<var_sz;idx++) (void)memcpy(var_val_cp+idx,(void *)(&val),var_typ_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2134:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
icnt=atoi(str_vtr[idx].c_str());
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2186:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out, cp_srt, ptrdiff_t(cnt*slb_sz));
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2198:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_lcl,slb_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2334:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_end,cp_in,cnt*slb_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2341:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_lcl,cp_in,slb_sz);
data/nco-4.9.5/src/nco++/ncap2_utl.cc:2429:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in, var_in->sz*nco_typ_lng(var_in->type));
data/nco-4.9.5/src/nco++/ncoLexer.cpp:2152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[10];
data/nco-4.9.5/src/nco++/ncoLexer.cpp:2153:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"%d",idx);
data/nco-4.9.5/src/nco++/ncoTree.cpp:567:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dCall=atoi(dtyp->getText().c_str());
data/nco-4.9.5/src/nco++/ncoTree.cpp:1065:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx=atoi(sdx.c_str());
data/nco-4.9.5/src/nco++/ncoTree.cpp:1097:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int idx=atoi(sdx.c_str());
data/nco-4.9.5/src/nco++/ncoTree.cpp:2954:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp_out, cp_in, slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:4185:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NC_MAX_ATTRS];
data/nco-4.9.5/src/nco++/ncoTree.cpp:4258:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp_out,cp_in,slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:4759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var_ret->val.vp, var_int->val.vp, tsz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:4769:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp,var_int->val.vp,tsz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:4989:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp,exp_vtr[idx]->val.vp,tsz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:5211:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in,slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:5217:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_out,cp_in,slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:5352:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var->val.vp,(const char*)Nvar->var->val.vp+(ptrdiff_t)(srt*slb_sz),slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:5517:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((char*)var_lhs->val.vp+(ptrdiff_t)(srt*slb_sz),var_rhs->val.vp,slb_sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:5808:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy( (void*)var1->val.vp,var->val.vp,nco_typ_lng(var1->type));
data/nco-4.9.5/src/nco++/prs_cls.cc:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/mpncbo.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncbo.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncbo.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncbo.c:366:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncbo.c:1091:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncbo.c:1092:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/mpncbo.c:1095:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/mpncecat.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncecat.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncecat.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncecat.c:322:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncecat.c:981:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncecat.c:982:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/mpncecat.c:985:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/mpncflint.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncflint.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncflint.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncflint.c:339:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncflint.c:1028:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncflint.c:1029:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/mpncflint.c:1032:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/mpncpdq.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncpdq.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncpdq.c:346:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncpdq.c:1272:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncpdq.c:1273:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/mpncpdq.c:1276:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/mpncra.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncra.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncra.c:384:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncra.c:1513:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncra.c:1516:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/mpncwa.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncwa.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/mpncwa.c:390:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/mpncwa.c:702:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_avg_lst_in[idx]=(char *)strdup(dmn_lst[idx].nm);
data/nco-4.9.5/src/nco/mpncwa.c:1091:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_prc_out[idx]->val.vp),(void *)(var_prc[idx]->val.vp),var_prc_out[idx]->sz*nco_typ_lng(var_prc_out[idx]->type));
data/nco-4.9.5/src/nco/mpncwa.c:1359:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/mpncwa.c:1362:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncap_utl.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ncap_err_sng[200]; /* [sng] Buffer for error string (declared in ncap_lex.l) */
data/nco-4.9.5/src/nco/ncap_utl.c:567:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp,var_lsr_cp,var_lsr_typ_sz);
data/nco-4.9.5/src/nco/ncap_utl.c:575:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp+var_gtr_lmn*var_lsr_typ_sz,var_lsr_cp,var_lsr_typ_sz);
data/nco-4.9.5/src/nco/ncap_utl.c:645:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var_lsr_out_cp+var_gtr_lmn*var_lsr_typ_sz,var_lsr_cp+var_lsr_lmn*var_lsr_typ_sz,var_lsr_typ_sz);
data/nco-4.9.5/src/nco/ncatted.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aed_arg[NC_MAX_ATTRS];
data/nco-4.9.5/src/nco/ncatted.c:295:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncatted.c:389:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(fl_out) FL_OUT_NEW=True; else fl_out=(char *)strdup(fl_lst_in[0]);
data/nco-4.9.5/src/nco/ncatted.c:493:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_aed;idx++) aed_arg[idx]=(char *)nco_free(aed_arg[idx]);
data/nco-4.9.5/src/nco/ncatted.c:495:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(aed_lst[idx].att_nm) aed_lst[idx].att_nm=(char *)nco_free(aed_lst[idx].att_nm);
data/nco-4.9.5/src/nco/ncatted.c:496:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(aed_lst[idx].var_nm) aed_lst[idx].var_nm=(char *)nco_free(aed_lst[idx].var_nm);
data/nco-4.9.5/src/nco/ncbo.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncbo.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncbo.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncbo.c:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncbo.c:397:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncbo.c:751:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncbo.c:752:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncbo.c:753:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncbo.c:755:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncbo.c:761:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<nbr_gpe_nm;idx++) gpe_nm[idx].var_nm_fll=(char *)nco_free(gpe_nm[idx].var_nm_fll);
data/nco-4.9.5/src/nco/ncbo.c:764:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<nbr_cmn_nm;idx++) cmn_lst[idx].nm=(char *)nco_free(cmn_lst[idx].nm);
data/nco-4.9.5/src/nco/ncbo.c:766:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne1[idx].dim_nm=(char *)nco_free(flg_dne1[idx].dim_nm);
data/nco-4.9.5/src/nco/ncbo.c:768:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne2[idx].dim_nm=(char *)nco_free(flg_dne2[idx].dim_nm);
data/nco-4.9.5/src/nco/ncecat.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncecat.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncecat.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncecat.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncecat.c:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_out_sfx[NCO_GRP_OUT_SFX_LNG+1L];
data/nco-4.9.5/src/nco/ncecat.c:393:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncecat.c:791:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(grp_out_sfx,"%02d",fl_idx);
data/nco-4.9.5/src/nco/ncecat.c:962:91: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv->nm)) nco_xcp_prc(var_trv->nm,var_prc[idx]->type,var_prc[idx]->sz,(char *)var_prc[idx]->val.vp);
data/nco-4.9.5/src/nco/ncecat.c:1019:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncecat.c:1020:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncecat.c:1021:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncecat.c:1023:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncecat.c:1040:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco/ncflint.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncflint.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncflint.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncflint.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncflint.c:392:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncflint.c:943:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv_1->nm)) nco_xcp_prc(var_trv_1->nm,var_prc_2[idx]->type,var_prc_out[idx]->sz,(char *)var_prc_2[idx]->val.vp);
data/nco-4.9.5/src/nco/ncflint.c:1001:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncflint.c:1002:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncflint.c:1003:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncflint.c:1005:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncflint.c:1013:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco/ncks.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncks.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncks.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncks.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncks.c:620:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncks.c:1394:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_prn=fopen(fl_prn,"w")) == NULL){
data/nco-4.9.5/src/nco/ncks.c:1409:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/ncks.c:1505:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncks.c:1506:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncks.c:1507:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncks.c:1509:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncks.c:1512:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco/nco.h:1125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *crd_nm[2]; /* [sng] Coordinate names */
data/nco-4.9.5/src/nco/nco.h:1127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dmn_nm[2]; /* [sng] Dimension names */
data/nco-4.9.5/src/nco/nco.h:1128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unt_sng[2]; /* [sng] Units strings */
data/nco-4.9.5/src/nco/nco.h:1280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[5];
data/nco-4.9.5/src/nco/nco.h:1359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[NC_MAX_NAME+1]; /* [sng] Units of 'latitude' and 'longitude' */
data/nco-4.9.5/src/nco/nco.h:1480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[5]; /* [sng] Hint for printf()-style formatting */
data/nco-4.9.5/src/nco/nco.h:1584:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[5]; /* [sng] Hint for printf()-style formatting */
data/nco-4.9.5/src/nco/nco.h:1628:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[NC_MAX_NAME+1L];/* [sng] Name of dimension/coordinate */
data/nco-4.9.5/src/nco/nco_att_utl.c:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:195:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(var_nm,"Global");
data/nco-4.9.5/src/nco/nco_att_utl.c:413:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(((char *)att_val_new)[att_sz-1L] == '\0') att_sz--;
data/nco-4.9.5/src/nco/nco_att_utl.c:416:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)((char *)att_val_new+att_sz*nco_typ_lng(aed.type)),
data/nco-4.9.5/src/nco/nco_att_utl.c:677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:678:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:933:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:934:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp_sng[TIME_STAMP_SNG_LNG];
data/nco-4.9.5/src/nco/nco_att_utl.c:1057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_att_utl.c:1061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp_sng[TIME_STAMP_SNG_LNG];
data/nco-4.9.5/src/nco/nco_att_utl.c:1493:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(obj_nm,"group");
data/nco-4.9.5/src/nco/nco_att_utl.c:1496:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(obj_nm,".group");
data/nco-4.9.5/src/nco/nco_att_utl.c:2137:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(var_val_p1,"%02d/%02d/%02d",time_crr_tm->tm_mon+1,time_crr_tm->tm_mday,time_crr_tm->tm_year%100);
data/nco-4.9.5/src/nco/nco_aux.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_val[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cll_idx_sng[100]; /* Buffer for user-assigned limit names */
data/nco-4.9.5/src/nco/nco_aux.c:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_lat[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_lon[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:289:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cll_idx_sng,"%d",cll_idx_min);
data/nco-4.9.5/src/nco/nco_aux.c:292:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cll_idx_sng,"%d",cll_idx_min+cll_nbr_cns-1);
data/nco-4.9.5/src/nco/nco_aux.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cll_idx_sng[100]; /* Buffer for user-assigned limit names */
data/nco-4.9.5/src/nco/nco_aux.c:389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:390:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_lat[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_lon[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:512:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cll_idx_sng,"%d",cll_idx_min);
data/nco-4.9.5/src/nco/nco_aux.c:515:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cll_idx_sng,"%d",cll_idx_min+cll_nbr_cns-1);
data/nco-4.9.5/src/nco/nco_aux.c:565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME]; /* [sng] Attribute name */
data/nco-4.9.5/src/nco/nco_aux.c:566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_aux.c:595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_val[NC_MAX_NAME+1];
data/nco-4.9.5/src/nco/nco_aux.c:643:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_bnr.c:20:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_bnr=fopen(fl_bnr,fl_mode)) == NULL){
data/nco-4.9.5/src/nco/nco_bnr.c:100:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
vp_bs=memcpy(vp_bs,vp,mmr_sz);
data/nco-4.9.5/src/nco/nco_cln_utl.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdate[200]={0};
data/nco-4.9.5/src/nco/nco_cln_utl.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char btime[200]={0};
data/nco-4.9.5/src/nco/nco_cln_utl.c:184:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"%04d-%02d-%02d %02d:%02d:%f", ttx->year,ttx->month, ttx->day,ttx->hour,ttx->min,ttx->sec);
data/nco-4.9.5/src/nco/nco_cln_utl.c:188:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"%04d-%02d-%02dT%02d:%02d:%f", ttx->year,ttx->month, ttx->day,ttx->hour,ttx->min,ttx->sec);
data/nco-4.9.5/src/nco/nco_cln_utl.c:192:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bdate,"%04d-%02d-%02d",ttx->year,ttx->month,ttx->day);
data/nco-4.9.5/src/nco/nco_cln_utl.c:200:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(frac_sec == 0.0) sprintf(btime, " %02d:%02d:%02d", ttx->hour,ttx->min, isec ); else sprintf(btime, " %02d:%02d:%02.7f", ttx->hour,ttx->min, ttx->sec);
data/nco-4.9.5/src/nco/nco_cln_utl.c:200:93: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(frac_sec == 0.0) sprintf(btime, " %02d:%02d:%02d", ttx->hour,ttx->min, isec ); else sprintf(btime, " %02d:%02d:%02.7f", ttx->hour,ttx->min, ttx->sec);
data/nco-4.9.5/src/nco/nco_cln_utl.c:479:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srt_sng[200];
data/nco-4.9.5/src/nco/nco_cln_utl.c:480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end_sng[200];
data/nco-4.9.5/src/nco/nco_cln_utl.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md_sng[200];
data/nco-4.9.5/src/nco/nco_cln_utl.c:503:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srt_sng,"seconds since %d-%d-01",yr_srt,mth_srt);
data/nco-4.9.5/src/nco/nco_cln_utl.c:511:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(end_sng,"seconds since %d-%d-01",yr_end,mth_end);
data/nco-4.9.5/src/nco/nco_cln_utl.c:520:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(md_sng,"seconds since %d-%d-%d",yr_srt,mth_srt, day_mid);
data/nco-4.9.5/src/nco/nco_cln_utl.c:932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcl_unt_sng[200]={0};
data/nco-4.9.5/src/nco/nco_cln_utl.c:948:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lcl_unt_sng,"s@");
data/nco-4.9.5/src/nco/nco_cln_utl.c:1272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty_sng[1];
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:228:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(wgt_out_cp,wgt_cp,wgt_typ_sz);
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:236:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(wgt_out_cp+var_lmn*wgt_typ_sz,wgt_cp,wgt_typ_sz);
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:323:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(wgt_out_cp+var_lmn*wgt_typ_sz,wgt_cp+wgt_lmn*wgt_typ_sz,wgt_typ_sz);
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:536:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(dmn_idx_shr_out),(void *)(dmn_idx_shr_in),dmn_shr_nbr*sizeof(dmn_idx_shr_in[0]));
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:741:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_out->val.vp),(void *)(var_in->val.vp),var_out->sz*nco_typ_lng(var_out->type));
data/nco-4.9.5/src/nco/nco_cnf_dmn.c:799:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(val_out_cp+var_out_lmn*typ_sz,val_in_cp+var_in_lmn*typ_sz,(size_t)typ_sz);
data/nco-4.9.5/src/nco/nco_cnk.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_cnk.c:573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_cnk.c:1119:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(dmn_nm_in[dmn_idx]) dmn_nm_in[dmn_idx]=(char *)nco_free(dmn_nm_in[dmn_idx]);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrn_sng[1000];
data/nco-4.9.5/src/nco/nco_cnv_csm.c:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_cnv_csm.c:359:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[*xtr_nbr].nm=(char *)strdup(crd_lst[idx_crd]);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_op_sng[23]; /* [sng] Operation type (longest is nco_op_mabs which translates to "maximum_absolute_value") */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:542:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_avg: strcpy(att_op_sng,"mean"); break;
data/nco-4.9.5/src/nco/nco_cnv_csm.c:543:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_min: strcpy(att_op_sng,"minimum"); break;
data/nco-4.9.5/src/nco/nco_cnv_csm.c:544:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_max: strcpy(att_op_sng,"maximum"); break;
data/nco-4.9.5/src/nco/nco_cnv_csm.c:545:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_ttl: strcpy(att_op_sng,"sum"); break;
data/nco-4.9.5/src/nco/nco_cnv_csm.c:546:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_avgsqr: strcpy(att_op_sng,"variance"); break; /* Mean of sum of squares */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:548:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_mabs: strcpy(att_op_sng,"maximum_absolute_value"); break; /* Maximum absolute value */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:549:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_mebs: strcpy(att_op_sng,"mean_absolute_value"); break; /* Mean absolute value */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:550:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_mibs: strcpy(att_op_sng,"minimum_absolute_value"); break; /* Minimum absolute value */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:551:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_tabs: strcpy(att_op_sng,"sum absolute_value"); break; /* sum absolute value */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:552:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_sqravg: strcpy(att_op_sng,"square_of_mean"); break; /* Square of mean */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:553:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_sqrt: strcpy(att_op_sng,"square_root_of_mean"); break; /* Square root of mean */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:554:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_rms: strcpy(att_op_sng,"root_mean_square"); break; /* Root-mean-square (normalized by N) */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:555:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case nco_op_rmssdn: strcpy(att_op_sng,"root_mean_square_nm1"); break; /* Root-mean square normalized by N-1 */
data/nco-4.9.5/src/nco/nco_cnv_csm.c:572:43: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(dmn_idx_mch<dmn_nbr_mch-1) (void)strcat(aed.val.cp,", ");
data/nco-4.9.5/src/nco/nco_cnv_csm.c:574:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(aed.val.cp,": ");
data/nco-4.9.5/src/nco/nco_cnv_csm.c:580:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(aed.att_nm,"cell_method");
data/nco-4.9.5/src/nco/nco_cnv_csm.c:588:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(aed.att_nm,"cell_methods");
data/nco-4.9.5/src/nco/nco_cnv_csm.c:657:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(aed.att_nm,"coordinates");
data/nco-4.9.5/src/nco/nco_crt.c:501:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lcl_dp_x, pl_in->dp_x, sizeof(double) * pl_in->crn_nbr);
data/nco-4.9.5/src/nco/nco_crt.c:502:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lcl_dp_y, pl_in->dp_y, sizeof(double) * pl_in->crn_nbr);
data/nco-4.9.5/src/nco/nco_ctl.c:570:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbr_sng[NC_MAX_NAME+1];
data/nco-4.9.5/src/nco/nco_dmn_utl.c:55:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)dmn_cpy,dmn_vp,sizeof(dmn_sct));
data/nco-4.9.5/src/nco/nco_dmn_utl.c:225:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_lst[idx].nm=(char *)strdup(dmn_lst_in[idx]);
data/nco-4.9.5/src/nco/nco_dmn_utl.c:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_lcl[NC_MAX_NAME]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_dmn_utl.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_fl_utl.c:173:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(smr_fl_sz_sng,"Size expected in RAM or uncompressed storage of all data (not metadata), accounting for subsets and hyperslabs, is %lu B ~ %lu kB, %lu kiB ~ %lu MB, %lu MiB ~ %lu GB, %lu GiB",(unsigned long)ram_sz_ttl,(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_KB),(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_KiB),(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_MB),(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_MiB),(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_GB),(unsigned long)round(1.0*ram_sz_ttl/NCO_BYT_PER_GiB));
data/nco-4.9.5/src/nco/nco_fl_utl.c:466:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_lst_in[(*fl_nbr)++]=(char *)strdup(argv[arg_crr++]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:467:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*fl_out=(char *)strdup(argv[arg_crr]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:472:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_lst_in[(*fl_nbr)++]=(char *)strdup(argv[arg_crr++]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:484:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_lst_in[(*fl_nbr)++] = (char *) strdup(argv[arg_crr++]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:499:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*fl_out = (char *) strdup(argv[arg_crr]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:518:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_lst_in[(*fl_nbr)++]=(char *)strdup(argv[arg_crr++]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:525:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*fl_out=(char *)strdup(argv[arg_crr]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_sng[10];
data/nco-4.9.5/src/nco/nco_fl_utl.c:575:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_in=fopen(fl_in,"r")) == NULL){
data/nco-4.9.5/src/nco/nco_fl_utl.c:587:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(fmt_sng,"%%%ds\n",FL_NM_IN_MAX_LNG);
data/nco-4.9.5/src/nco/nco_fl_utl.c:650:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
while(arg_crr < argc-1+psn_arg_fst) fl_lst_in[(*fl_nbr)++]=(char *)strdup(argv[arg_crr++]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:664:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*fl_out=(char *)strdup(argv[argc-1]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1009:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_netrc=fopen(fl_nm_netrc,"r")) == NULL){
data/nco-4.9.5/src/nco/nco_fl_utl.c:1304:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_in=fopen(fl_nm_lcl,"r")) == NULL){
data/nco-4.9.5/src/nco/nco_fl_utl.c:1397:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fl_nm_nbr_sng_fmt[10];
data/nco-4.9.5/src/nco/nco_fl_utl.c:1484:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(fl_nm_nbr_sng_fmt,"%%0%dd%%02d",fl_nm_nbr_dgt-2);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1486:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(fl_nm_nbr_sng_fmt,"%%0%dd",fl_nm_nbr_dgt);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1490:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_nm=(char *)strdup(fl_lst_in[0]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1515:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_nm=(char *)strdup(fl_lst_in[0]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1520:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fl_nm=(char *)strdup(fl_lst_in[fl_idx]);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1757:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(pid_sng,"%ld",(long)pid);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1789:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
fl_out_tmp_sys=strcat(fl_out_tmp_sys,"XXXXXX");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1791:16: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fl_out_hnd=mkstemp(fl_out_tmp_sys);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1852:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usr_rpl[NCO_USR_RPL_MAX_LNG];
data/nco-4.9.5/src/nco/nco_grp_utl.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1];
data/nco-4.9.5/src/nco/nco_grp_utl.c:1263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME+1L]; /* [sng] Attribute name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:1494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_var[NC_MAX_NAME+1]; /* [sng] Dimension name for *variable* */
data/nco-4.9.5/src/nco/nco_grp_utl.c:1544:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_grp[NC_MAX_NAME+1]; /* [sng] Dimension name for *group* */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2070:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_gpe_nm;idx++) gpe_nm[idx].var_nm_fll=(char *)nco_free(gpe_nm[idx].var_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2072:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_dmn_cmn_out;idx++) dmn_cmn_out[idx].nm_fll=(char *)nco_free(dmn_cmn_out[idx].nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2090:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1]; /* [sng] Variable name (used for validation only) */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L]; /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1L]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec_nm[NC_MAX_NAME+1L]; /* [sng] Record dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L]; /* [sng] Type name used in CDL "types" declaration (e.g., "vlen_t") */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2706:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_var[NC_MAX_NAME+1]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:3564:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_var[NC_MAX_NAME+1]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:3612:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_gpe;idx++) (*gpe_nm)[idx].var_nm_fll=(char *)nco_free((*gpe_nm)[idx].var_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:4360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:4607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:4608:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_grp[NC_MAX_NAME+1]; /* [sng] Dimension name for group */
data/nco-4.9.5/src/nco/nco_grp_utl.c:4609:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1]; /* [sng] Variable name (local copy of object name) */
data/nco-4.9.5/src/nco/nco_grp_utl.c:5179:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(*dmn_cmn_out)[nbr_dmn_out_tmp].nm_fll=(char *)strdup(dmn_cmn[idx_dmn].nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5274:98: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_prg_id == ncecat && rec_dmn_nm && var_trv->enm_prc_typ == prc_typ) dmn_cmn[0].nm_fll=(char *)nco_free(dmn_cmn[0].nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5904:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_out->val.vp),(void *)(var_in->val.vp),var_out->sz*nco_typ_lng(var_out->type));
data/nco-4.9.5/src/nco/nco_grp_utl.c:5962:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(val_out_cp+var_out_lmn*typ_sz,val_in_cp+var_in_lmn*typ_sz,(size_t)typ_sz);
data/nco-4.9.5/src/nco/nco_grp_utl.c:6017:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name (local copy of object name) */
data/nco-4.9.5/src/nco/nco_grp_utl.c:6020:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1L]; /* [sng] Dimension names */
data/nco-4.9.5/src/nco/nco_grp_utl.c:7042:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(*dne_lst)[lmt_idx].dim_nm=(char *) strdup(lmt[lmt_idx]->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:7887:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:7929:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME+1L]; /* [sng] Attribute name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:8077:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_grp_utl.c:8417:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_lat[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_grp_utl.c:8418:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_lon[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_grp_utl.c:8582:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_lat[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_grp_utl.c:8583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units_lon[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_grp_utl.c:8761:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(*dmn)[idx]->nm=(char *)strdup(lmt[idx]->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8762:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(*dmn)[idx]->nm_fll=(char *)strdup(lmt[idx]->nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8928:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx_nm=0;idx_nm<nm_lst_2_nbr;idx_nm++) nm_lst_2[idx_nm]=(char *)nco_free(nm_lst_2[idx_nm]);
data/nco-4.9.5/src/nco/nco_grp_utl.c:8935:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx_nm=0;idx_nm<nm_lst_1_nbr;idx_nm++) nm_lst_1[idx_nm]=(char *)nco_free(nm_lst_1[idx_nm]);
data/nco-4.9.5/src/nco/nco_grp_utl.c:9227:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx_nm=0;idx_nm<nm_lst_1_nbr;idx_nm++) nm_lst_1[idx_nm]=(char *)nco_free(nm_lst_1[idx_nm]);
data/nco-4.9.5/src/nco/nco_grp_utl.c:9661:72: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx_cmn=0;idx_cmn<nbr_cmn_nm;idx_cmn++) cmn_lst[idx_cmn].nm=(char *)nco_free(cmn_lst[idx_cmn].nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10324:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME+1L]; /* [nbr] Name of coordinate */
data/nco-4.9.5/src/nco/nco_grp_utl.c:10325:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpl_dmn_nm[NC_MAX_NAME+1L]; /* [nbr] Name of template coordinate */
data/nco-4.9.5/src/nco/nco_grp_utl.c:10410:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx_nm=0;idx_nm<nbr_var_nm_lst;idx_nm++) var_nm_lst[idx_nm]=(char *)nco_free(var_nm_lst[idx_nm]);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_var[NC_MAX_NAME+1]; /* [sng] Dimension name for *variable* */
data/nco-4.9.5/src/nco/nco_kd.c:2637:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list, lcl_list, sizeof(KDPriority)*nbr_lst );
data/nco-4.9.5/src/nco/nco_kd.h:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbg_sng[200];
data/nco-4.9.5/src/nco/nco_lmt.c:274:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lmt_dim->max_sng=(char *)strdup(lmt[idx]->max_sng);
data/nco-4.9.5/src/nco/nco_lmt.c:280:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lmt_dim->min_sng=(char *)strdup(lmt[idx]->min_sng);
data/nco-4.9.5/src/nco/nco_lmt.c:283:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(lmt[idx]->srd_sng) lmt_dim->srd_sng=(char *)strdup(lmt[idx]->srd_sng); else lmt_dim->srd_sng=NULL;
data/nco-4.9.5/src/nco/nco_lmt.c:284:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(lmt[idx]->ssc_sng) lmt_dim->ssc_sng=(char *)strdup(lmt[idx]->ssc_sng); else lmt_dim->ssc_sng=NULL;
data/nco-4.9.5/src/nco/nco_lmt.c:285:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(lmt[idx]->ilv_sng) lmt_dim->ilv_sng=(char *)strdup(lmt[idx]->ilv_sng); else lmt_dim->ilv_sng=NULL;
data/nco-4.9.5/src/nco/nco_lmt.c:286:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lmt_dim->nm=(char *)strdup(lmt[idx]->nm);
data/nco-4.9.5/src/nco/nco_lmt.c:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_lmt.c:338:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(lmt_dim->max_sng,"%ld",cnt);
data/nco-4.9.5/src/nco/nco_lmt.c:437:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(arg_nbr <= 2) lmt[idx]->max_sng=(char *)strdup(arg_lst[1]);
data/nco-4.9.5/src/nco/nco_lst_utl.c:238:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)lst_tmp,(void *)lst,nbr_lst*sizeof(nm_id_sct));
data/nco-4.9.5/src/nco/nco_lst_utl.c:740:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nm_id_lst[idx].nm) nm_id_lst[idx].nm=(char *)nco_free(nm_id_lst[idx].nm);
data/nco-4.9.5/src/nco/nco_lst_utl.c:767:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sng=(char *)strdup(sng_lst[0]);
data/nco-4.9.5/src/nco/nco_lst_utl.c:793:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(sng_lst[lmn]) sng_lst[lmn]=(char *)nco_free(sng_lst[lmn]);
data/nco-4.9.5/src/nco/nco_lst_utl.c:855:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sng_lst[sng_idx]=(char *)nco_free(sng_lst[sng_idx]);
data/nco-4.9.5/src/nco/nco_map.c:1596:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lon_crn_ptr, pl_lst[idx]->dp_x, lcl_crn_nbr * sizeof(double));
data/nco-4.9.5/src/nco/nco_map.c:1597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lat_crn_ptr, pl_lst[idx]->dp_y, lcl_crn_nbr * sizeof(double));
data/nco-4.9.5/src/nco/nco_map.c:1868:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(area_lcl,area,sz*sizeof(double));
data/nco-4.9.5/src/nco/nco_map.c:2077:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idx_sng_fmt[5];
data/nco-4.9.5/src/nco/nco_map.c:2080:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_map.c:2280:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(idx_sng_fmt,"%%%dlu",idx_sng_lng_max);
data/nco-4.9.5/src/nco/nco_md5.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_dgs_hxd_sng_ram[NCO_MD5_DGS_SZ*2+1];
data/nco-4.9.5/src/nco/nco_md5.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_dgs_hxd_sng_dsk[NCO_MD5_DGS_SZ*2+1];
data/nco-4.9.5/src/nco/nco_md5.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_dgs_hxd_sng[NCO_MD5_DGS_SZ*2+1]) /* O [sng] MD5 digest */
data/nco-4.9.5/src/nco/nco_md5.c:175:51: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for(idx_dgs=0;idx_dgs<NCO_MD5_DGS_SZ;++idx_dgs) sprintf(md5_dgs_hxd_sng+idx_dgs*2,"%02x",md5_dgs_byt[idx_dgs]);
data/nco-4.9.5/src/nco/nco_md5.c:343:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf, data, 64);
data/nco-4.9.5/src/nco/nco_md5.c:517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf + offset, p, copy);
data/nco-4.9.5/src/nco/nco_md5.c:531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf, p, left);
data/nco-4.9.5/src/nco/nco_md5.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5_dgs_hxd_sng[NCO_MD5_DGS_SZ*2+1]); /* O [sng] MD5 digest */
data/nco-4.9.5/src/nco/nco_mmr.c:351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_pid[256]; /* [sng] Process status pseudo-file name */
data/nco-4.9.5/src/nco/nco_mmr.c:361:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(pid) (void)sprintf(fl_pid,"/proc/%d/stat",pid);
data/nco-4.9.5/src/nco/nco_mmr.c:363:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_prc=fopen(fl_prc,"r");
data/nco-4.9.5/src/nco/nco_mmr.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_pid[256]; /* [sng] Process status pseudo-file name */
data/nco-4.9.5/src/nco/nco_mmr.c:454:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(pid) (void)sprintf(fl_pid,"/proc/%d/stat",pid);
data/nco-4.9.5/src/nco/nco_mmr.c:456:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_prc=fopen(fl_prc,"r");
data/nco-4.9.5/src/nco/nco_mmr.h:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[256]; // %s Member 02
data/nco-4.9.5/src/nco/nco_msa.c:82:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_stp,slb,(size_t)slb_sz);
data/nco-4.9.5/src/nco/nco_msa.c:147:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(cp_stp,slb,(size_t)slb_sz);
data/nco-4.9.5/src/nco/nco_msa.c:156:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cp_wrp[idx]=(char *)nco_free(cp_wrp[idx]);
data/nco-4.9.5/src/nco/nco_msa.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_msa.c:1277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1]; /* [sng] Variable name (local copy of object name) */
data/nco-4.9.5/src/nco/nco_msa.c:1755:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lmt_msa[idx_dmn]->dmn_nm=(char *)nco_free(lmt_msa[idx_dmn]->dmn_nm);
data/nco-4.9.5/src/nco/nco_mss_val.c:93:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mss_val_1_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_mss_val.c:94:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mss_val_2_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_mss_val.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_mss_val.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var->mss_val.vp,mss_tmp.vp,nco_typ_lng(bs_typ));
data/nco-4.9.5/src/nco/nco_mss_val.c:346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var->mss_val.vp,mss_tmp_vlen.p,nco_typ_lng(bs_typ));
data/nco-4.9.5/src/nco/nco_mss_val.c:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[1000];
data/nco-4.9.5/src/nco/nco_mss_val.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa1[1000];
data/nco-4.9.5/src/nco/nco_mss_val.c:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa2[1000];
data/nco-4.9.5/src/nco/nco_mss_val.c:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_mss_val.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_mss_val.c:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[1000];
data/nco-4.9.5/src/nco/nco_mss_val.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa1[1000];
data/nco-4.9.5/src/nco/nco_mss_val.c:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa2[1000];
data/nco-4.9.5/src/nco/nco_mta.c:79:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(kvm[kvm_idx].key){kvm[kvm_idx].key=(char *)nco_free(kvm[kvm_idx].key);}
data/nco-4.9.5/src/nco/nco_mta.c:80:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(kvm[kvm_idx].val){kvm[kvm_idx].val=(char *)nco_free(kvm[kvm_idx].val);}
data/nco-4.9.5/src/nco/nco_mta.c:150:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sng_fnl[0]=(char *)nco_malloc(idx_lst[1]*sizeof(char)+1L);
data/nco-4.9.5/src/nco/nco_mta.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sng_fnl[0],sng_tmp,idx_lst[1]);
data/nco-4.9.5/src/nco/nco_mta.c:158:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sng_fnl[dlm_idx],sng_tmp+idx_lst[dlm_idx]+strlen(delimiter),sng_sz);
data/nco-4.9.5/src/nco/nco_netcdf.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:1202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:1469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm_old[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:1773:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2582:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2661:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2702:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2754:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:2797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3019:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_in[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3020:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_out[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3025:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm_in[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm_out[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3046:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3050:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3096:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_netcdf.c:3142:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L]; /* [sng] Type name used in CDL "types" declaration (e.g., "vlen_t") */
data/nco-4.9.5/src/nco/nco_netcdf.c:3152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_pck.c:960:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var->scl_fct.vp,zero_var->val.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco/nco_pck.c:964:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(var->add_fst.vp,var->val.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco/nco_ply.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl_cpy->dp_x, pl->dp_x, (size_t)crn_nbr_in* sizeof(double));
data/nco-4.9.5/src/nco/nco_ply.c:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl_cpy->dp_y, pl->dp_y, (size_t)crn_nbr_in* sizeof(double));
data/nco-4.9.5/src/nco/nco_ply.c:172:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl_cpy->shp[idx], pl->shp[idx], sizeof(double) * typ_sz );
data/nco-4.9.5/src/nco/nco_ply.c:373:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_x, lcl_x_in, sizeof(double) * lcl_crn_nbr);
data/nco-4.9.5/src/nco/nco_ply.c:374:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_y, lcl_y_in, sizeof(double) * lcl_crn_nbr);
data/nco-4.9.5/src/nco/nco_ply.c:542:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lcl_dp_x, pl->dp_x, sizeof(double) * sz);
data/nco-4.9.5/src/nco/nco_ply.c:1138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_x, lcl_dp_x, sizeof(double) * crn_nbr);
data/nco-4.9.5/src/nco/nco_ply.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_y, lcl_dp_y, sizeof(double) * crn_nbr);
data/nco-4.9.5/src/nco/nco_ply_lst.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_x, lcl_dp_x, (size_t)crn_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_ply_lst.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl->dp_y, lcl_dp_y, (size_t)crn_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_ply_lst.c:902:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_sng[VP_MAX];
data/nco-4.9.5/src/nco/nco_ply_lst.c:903:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_sng[VP_MAX];
data/nco-4.9.5/src/nco/nco_ply_lst.c:1665:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_wgt_lst, mem_lst[idx].wgt_lst, sizeof(wgt_sct *) * mem_lst[idx].pl_cnt);
data/nco-4.9.5/src/nco/nco_ply_lst.c:1682:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_ply_lst, mem_lst[idx].pl_lst, sizeof(poly_sct *) * mem_lst[idx].pl_cnt);
data/nco-4.9.5/src/nco/nco_prn.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_prn.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_sng_dlm[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_sng_pln[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_sng[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_prn.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val_sng[NCO_ATM_SNG_LNG];
data/nco-4.9.5/src/nco/nco_prn.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_prn.c:175:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_nm,"_NCProperties");
data/nco-4.9.5/src/nco/nco_prn.c:187:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_nm,"_IsNetcdf4");
data/nco-4.9.5/src/nco/nco_prn.c:199:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_nm,"_SuperblockVersion");
data/nco-4.9.5/src/nco/nco_prn.c:274:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sng_foo[12]; /* nbr] Maximum printed size of unsigned integer (4294967295) + 1 (for comma) + 1 (for trailing NUL) */
data/nco-4.9.5/src/nco/nco_prn.c:309:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val_hdn_sng,"%u,",flt_id);
data/nco-4.9.5/src/nco/nco_prn.c:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbr_nm[NC_MAX_NAME+1L]; /* [sng] Member name */
data/nco-4.9.5/src/nco/nco_prn.c:798:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
att[idx].nm=(char *)nco_free(att[idx].nm);
data/nco-4.9.5/src/nco/nco_prn.c:1110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlm_sng[NCO_MAX_LEN_FMT_SNG]={0};
data/nco-4.9.5/src/nco/nco_prn.c:1206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:1430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:1558:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(dmn_sng,"%%.%ldc",dmn_cnt[var.nbr_dim-1]);
data/nco-4.9.5/src/nco/nco_prn.c:1594:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dim[idx].nm=(char *)nco_free(dim[idx].nm);
data/nco-4.9.5/src/nco/nco_prn.c:1631:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sng_foo[NC_MAX_NAME+10]; /* Add 10 for extra formatting characters */
data/nco-4.9.5/src/nco/nco_prn.c:1632:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz_sng[100];
data/nco-4.9.5/src/nco/nco_prn.c:1797:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(sng_foo,"1*");
data/nco-4.9.5/src/nco/nco_prn.c:1818:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(sng_foo,"%li*",(long)dmn_sz[dmn_idx]);
data/nco-4.9.5/src/nco/nco_prn.c:1827:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(sng_foo,"mean_length(NC_VLEN)*");
data/nco-4.9.5/src/nco/nco_prn.c:1955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val_sng[NCO_ATM_SNG_LNG];
data/nco-4.9.5/src/nco/nco_prn.c:1956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1]; /* [sng] Variable name (used for validation only) */
data/nco-4.9.5/src/nco/nco_prn.c:1957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_sng[NCO_MAX_LEN_FMT_SNG]; /* [sng] Variable string */
data/nco-4.9.5/src/nco/nco_prn.c:2210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:2297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbr_nm[NC_MAX_NAME+1L]; /* [sng] Member name */
data/nco-4.9.5/src/nco/nco_prn.c:2316:101: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if((cls_typ == NC_VLEN) && (bs_typ != NC_FLOAT) && (bs_typ != NC_DOUBLE) && (bs_typ != NC_INT)) strcat(fmt_sng,"%s");
data/nco-4.9.5/src/nco/nco_prn.c:2541:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_sng[100]={0};
data/nco-4.9.5/src/nco/nco_prn.c:2724:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_sng[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:2754:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crd_sng_lgb[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:2962:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L]; /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_prn.c:2963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_prn.c:3384:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L]; /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_prn.c:3385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_prn.c:3477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bs_nm[NC_MAX_NAME+1L]; /* [sng] Base name */
data/nco-4.9.5/src/nco/nco_prn.c:3478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbr_nm[NC_MAX_NAME+1L]; /* [sng] Member name */
data/nco-4.9.5/src/nco/nco_prn.c:3479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L]; /* [sng] Type name */
data/nco-4.9.5/src/nco/nco_prn.c:3496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enm_fmt[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:3714:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L]; /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_prn.c:3715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_prn.c:3803:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bs_nm[NC_MAX_NAME+1L]; /* [sng] Base name */
data/nco-4.9.5/src/nco/nco_prn.c:3804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbr_nm[NC_MAX_NAME+1L]; /* [sng] Member name */
data/nco-4.9.5/src/nco/nco_prn.c:3805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L]; /* [sng] Type name */
data/nco-4.9.5/src/nco/nco_prn.c:3820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enm_fmt[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_prn.c:3991:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grp_nm[NC_MAX_NAME+1L]; /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_prn.c:3992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_prn.c:4078:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bs_nm[NC_MAX_NAME+1L]; /* [sng] Base name */
data/nco-4.9.5/src/nco/nco_prn.c:4079:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbr_nm[NC_MAX_NAME+1L]; /* [sng] Member name */
data/nco-4.9.5/src/nco/nco_prn.c:4080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ_nm[NC_MAX_NAME+1L]; /* [sng] Type name */
data/nco-4.9.5/src/nco/nco_prn.c:4097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enm_fmt[NCO_MAX_LEN_FMT_SNG];
data/nco-4.9.5/src/nco/nco_rgr.c:326:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_grd=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:331:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_hnt_dst=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:335:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_hnt_src=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:339:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->msk_var=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:344:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_msh=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:348:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_skl=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:353:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_ugrid=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:358:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->fl_vrt=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:435:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->grd_ttl=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:562:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->area_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:566:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->bnd_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:570:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->bnd_tm_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:574:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->col_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:578:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->col_nm_out=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:582:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->frc_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:586:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->ilev_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:590:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->ilev_nm_out=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:594:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_bnd_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:598:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_dmn_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:602:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:606:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_nm_out=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:610:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_vrt_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:614:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lat_wgt_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:618:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lev_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:622:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lev_nm_out=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:626:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lon_bnd_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:630:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lon_dmn_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:634:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lon_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:638:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lon_nm_out=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:642:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->lon_vrt_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:646:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->plev_nm_in=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:661:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->sgs_frc_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:665:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->sgs_msk_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:679:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->msk_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:684:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rgr->vrt_nm=(char *)strdup(rgr_lst[rgr_var_idx].val);
data/nco-4.9.5/src/nco/nco_rgr.c:902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_rgr.c:1199:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME+1L];
data/nco-4.9.5/src/nco/nco_rgr.c:1291:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dmn_ids_out,dmn_ids_in,dmn_nbr_in*sizeof(int));
data/nco-4.9.5/src/nco/nco_rgr.c:1292:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dmn_cnt_out,dmn_cnt_in,dmn_nbr_in*sizeof(long));
data/nco-4.9.5/src/nco/nco_rgr.c:1346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps_out,ps_in,tm_nbr_in*grd_sz_in*nco_typ_lng(var_typ_rgr));
data/nco-4.9.5/src/nco/nco_rgr.c:3428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *crd_nm[NCO_MAX_CRD_PER_VAR]; /* [sng] Coordinate name start position */
data/nco-4.9.5/src/nco/nco_rgr.c:3989:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_rgr.c:4767:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_rec_nm[NC_MAX_NAME]; /* [sng] Record dimension name */
data/nco-4.9.5/src/nco/nco_rgr.c:4972:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(var_val_dbl_out,sgs_frc_out,grd_sz_out*nco_typ_lng(var_typ_rgr));
data/nco-4.9.5/src/nco/nco_rgr.c:5405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lat_bnd_rdn,lat_bnd,col_nbr*bnd_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_rgr.c:5406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lon_bnd_rdn,lon_bnd,col_nbr*bnd_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_rgr.c:7287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME]; /* [sng] Dimension name */
data/nco-4.9.5/src/nco/nco_rgr.c:7505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *crd_nm[NCO_MAX_CRD_PER_VAR]; /* [sng] Coordinate name start position */
data/nco-4.9.5/src/nco/nco_rgr.c:8026:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lat_crn_tmp,lat_crn,grd_sz_nbr*grd_crn_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_rgr.c:8027:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lon_crn_tmp,lon_crn,grd_sz_nbr*grd_crn_nbr*sizeof(double));
data/nco-4.9.5/src/nco/nco_rgr.c:9022:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp_hnt=fopen(fl_hnt,fl_mode)) == NULL){
data/nco-4.9.5/src/nco/nco_scl_utl.c:32:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)var->val.vp,(const void *)(&val),nco_typ_lng(var->type));
data/nco-4.9.5/src/nco/nco_scl_utl.c:101:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)var->val.vp,val_ptr_unn.vp,nco_typ_lng(var->type));
data/nco-4.9.5/src/nco/nco_scm.c:77:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(cvs_vrs_sng,"%04i%02i%02i",yr,mth,day);
data/nco-4.9.5/src/nco/nco_scm.c:123:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(cvs_vrs_sng,"%li.%li.%li",cvs_mjr_vrs,cvs_mnr_vrs,cvs_pch_vrs);
data/nco-4.9.5/src/nco/nco_scm.c:125:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(cvs_vrs_sng,"%li.%li",cvs_mjr_vrs,cvs_mnr_vrs);
data/nco-4.9.5/src/nco/nco_sld.c:108:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->ttl=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:112:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->var_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:144:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->wvl_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:148:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->xdm_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:152:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->ydm_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:156:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->wvl_bnd_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:160:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->xdm_bnd_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:164:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
trr->ydm_bnd_nm=(char *)strdup(trr_lst[trr_var_idx].val);
data/nco-4.9.5/src/nco/nco_sld.c:344:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)(var_val.cp+dst_fst_byt),(void *)(var_raw.cp+src_fst_byt),ln_sz_byt);
data/nco-4.9.5/src/nco/nco_sng_utl.c:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val_sng[NCO_ATM_SNG_LNG];
data/nco-4.9.5/src/nco/nco_sng_utl.c:538:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\a': strcpy(val_sng,"\\a"); break; /* 007 7 07 BEL '\a' Bell */
data/nco-4.9.5/src/nco/nco_sng_utl.c:539:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\b': strcpy(val_sng,"\\b"); break; /* 010 8 08 BS '\b' Backspace */
data/nco-4.9.5/src/nco/nco_sng_utl.c:540:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\f': strcpy(val_sng,"\\f"); break; /* 014 12 0C FF '\f' Formfeed */
data/nco-4.9.5/src/nco/nco_sng_utl.c:541:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\n': strcpy(val_sng,"\\n"); break; /* 012 10 0A LF '\n' Linefeed */
data/nco-4.9.5/src/nco/nco_sng_utl.c:542:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\r': strcpy(val_sng,"\\r"); break; /* 015 13 0D CR '\r' Carriage return */
data/nco-4.9.5/src/nco/nco_sng_utl.c:543:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\t': strcpy(val_sng,"\\t"); break; /* 011 9 09 HT '\t' Horizontal tab */
data/nco-4.9.5/src/nco/nco_sng_utl.c:544:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\v': strcpy(val_sng,"\\v"); break; /* 013 11 0B VT '\v' Vertical tab */
data/nco-4.9.5/src/nco/nco_sng_utl.c:545:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\\': strcpy(val_sng,"\\\\"); break; /* 134 92 5C \ '\\' */
data/nco-4.9.5/src/nco/nco_sng_utl.c:546:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\'': strcpy(val_sng,"\\\'"); break; /* Unsure why or if this works! */
data/nco-4.9.5/src/nco/nco_sng_utl.c:547:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\"': strcpy(val_sng,"\\\""); break; /* Unsure why or if this works! */
data/nco-4.9.5/src/nco/nco_sng_utl.c:551:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val_sng,"%c",chr_val); break;
data/nco-4.9.5/src/nco/nco_sng_utl.c:570:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\n': strcpy(val_sng,"
"); break; /* 012 10 0A LF '\n' Linefeed */
data/nco-4.9.5/src/nco/nco_sng_utl.c:571:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\r': strcpy(val_sng,"
"); break; /* 015 13 0D CR '\r' Carriage return */
data/nco-4.9.5/src/nco/nco_sng_utl.c:572:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\t': strcpy(val_sng,"	"); break; /* 011 9 09 HT '\t' Horizontal tab */
data/nco-4.9.5/src/nco/nco_sng_utl.c:573:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '<': strcpy(val_sng,"<"); break;
data/nco-4.9.5/src/nco/nco_sng_utl.c:574:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '>': strcpy(val_sng,">"); break;
data/nco-4.9.5/src/nco/nco_sng_utl.c:575:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '&': strcpy(val_sng,"&"); break;
data/nco-4.9.5/src/nco/nco_sng_utl.c:576:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\"': strcpy(val_sng,"""); break;
data/nco-4.9.5/src/nco/nco_sng_utl.c:581:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(iscntrl(chr_val)) sprintf(val_sng,"&#%d;",chr_val); else sprintf(val_sng,"%c",chr_val);
data/nco-4.9.5/src/nco/nco_sng_utl.c:581:65: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(iscntrl(chr_val)) sprintf(val_sng,"&#%d;",chr_val); else sprintf(val_sng,"%c",chr_val);
data/nco-4.9.5/src/nco/nco_sng_utl.c:596:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\b': strcpy(val_sng,"\\b"); break; /* 010 8 08 BS '\b' Backspace */
data/nco-4.9.5/src/nco/nco_sng_utl.c:597:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\f': strcpy(val_sng,"\\f"); break; /* 014 12 0C FF '\f' Formfeed */
data/nco-4.9.5/src/nco/nco_sng_utl.c:598:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\n': strcpy(val_sng,"\\n"); break; /* 012 10 0A LF '\n' Linefeed */
data/nco-4.9.5/src/nco/nco_sng_utl.c:599:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\r': strcpy(val_sng,"\\r"); break; /* 015 13 0D CR '\r' Carriage return */
data/nco-4.9.5/src/nco/nco_sng_utl.c:600:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\t': strcpy(val_sng,"\\t"); break; /* 011 9 09 HT '\t' Horizontal tab */
data/nco-4.9.5/src/nco/nco_sng_utl.c:601:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\\': strcpy(val_sng,"\\\\"); break; /* 134 92 5C \ '\\' */
data/nco-4.9.5/src/nco/nco_sng_utl.c:602:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\"': strcpy(val_sng,"\\\""); break;/* Unsure why or if this works! */
data/nco-4.9.5/src/nco/nco_sng_utl.c:610:46: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(iscntrl(chr_val)) *val_sng='\0'; else sprintf(val_sng,"%c",chr_val);
data/nco-4.9.5/src/nco/nco_sph.c:206:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pqCrossOriginal, pqCross, sizeof(pqCross) );
data/nco-4.9.5/src/nco/nco_sph.c:347:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codes,"p0");
data/nco-4.9.5/src/nco/nco_sph.c:349:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codes,"pp");
data/nco-4.9.5/src/nco/nco_sph.c:438:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codes,"00");
data/nco-4.9.5/src/nco/nco_sph.c:599:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,Icross, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:643:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,Icross, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:935:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ flg_q=3; flg_p=3; memcpy(r0, p1, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:938:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ flg_q=3; flg_p=2; memcpy(r0, p1, sizeof(double)*NBR_SPH);}
data/nco-4.9.5/src/nco/nco_sph.c:941:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{flg_q=2; flg_p=3; memcpy(r0, p0, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:944:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{flg_q=2; flg_p=2; memcpy(r0, p0, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:1066:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r0, pcnd, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:1129:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(codes,"0000");
data/nco-4.9.5/src/nco/nco_sph.c:1279:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ flg_ab=3; flg_cd=3; memcpy(r0, p1, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:1281:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ flg_ab=3; flg_cd=2; memcpy(r0, p1, sizeof(double)*NBR_SPH);}
data/nco-4.9.5/src/nco/nco_sph.c:1283:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{flg_ab=2; flg_cd=3; memcpy(r0, p0, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:1285:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{flg_ab=2; flg_cd=2; memcpy(r0, p0, sizeof(double)*NBR_SPH); }
data/nco-4.9.5/src/nco/nco_sph.c:1404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r0, pcnd, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:2270:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(a,b, sizeof(double)* NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:2300:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(R[*r], P, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:2348:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vrt_info[*r].p0, P, sizeof(double)*NBR_SPH );
data/nco-4.9.5/src/nco/nco_sph.c:2350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(R[*r], P, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_sph.c:3777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(R[*r], P, sizeof(double)*NBR_SPH);
data/nco-4.9.5/src/nco/nco_srm.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nco_srm.mgc_srt,nco_srm_mgc_srt,sizeof(nco_srm_mgc_srt)/sizeof(nco_srm_mgc_t));
data/nco-4.9.5/src/nco/nco_var_avg.c:317:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(avg_cp+(fix_lmn*avg_sz+avg_lmn)*typ_sz,var_cp+var_lmn*typ_sz,(size_t)typ_sz);
data/nco-4.9.5/src/nco/nco_var_avg.c:526:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.fp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:585:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.dp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:632:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:679:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.sp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:726:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.usp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:773:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.uip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:820:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.i64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:867:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ui64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:914:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.bp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:961:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ubp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1124:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.fp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1175:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.dp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1226:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1277:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.sp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1328:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.usp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1379:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.uip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1430:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.i64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1481:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ui64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1532:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.bp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1583:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ubp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1748:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.fp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1799:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.dp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1850:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1901:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.sp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:1952:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.usp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:2003:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.uip),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:2054:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.i64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:2105:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ui64p),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:2156:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.bp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_avg.c:2207:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)op1_2D,(void *)(op1.ubp),sz_op1*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_lst.c:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME]; /* [sng] Variable name */
data/nco-4.9.5/src/nco/nco_var_lst.c:106:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[var_nbr_tmp].nm=(char *)strdup(var_lst_all[idx].nm);
data/nco-4.9.5/src/nco/nco_var_lst.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:146:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)xcl_lst,(void *)xtr_lst,nbr_xcl*sizeof(nm_id_sct));
data/nco-4.9.5/src/nco/nco_var_lst.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crd_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:344:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[*xtr_nbr].nm=(char *)strdup(crd_lst[idx_crd]);
data/nco-4.9.5/src/nco/nco_var_lst.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:427:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[*xtr_nbr].nm=(char *)strdup(bnd_lst[idx_bnd]);
data/nco-4.9.5/src/nco/nco_var_lst.c:458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:572:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[*xtr_nbr].nm=(char *)strdup(crd_lst[idx_crd]);
data/nco-4.9.5/src/nco/nco_var_lst.c:599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:649:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xtr_lst[*xtr_nbr].nm=(char *)strdup(bnd_lst[idx_bnd]);
data/nco-4.9.5/src/nco/nco_var_lst.c:681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crd_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_lst.c:701:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)var_lst_tmp,(void *)xtr_lst,*xtr_nbr*sizeof(nm_id_sct));
data/nco-4.9.5/src/nco/nco_var_lst.c:706:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)xtr_lst,(void *)var_lst_tmp,idx*sizeof(nm_id_sct));
data/nco-4.9.5/src/nco/nco_var_lst.c:707:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(xtr_lst+idx),(void *)(var_lst_tmp+idx+1),(*xtr_nbr-idx)*sizeof(nm_id_sct));
data/nco-4.9.5/src/nco/nco_var_lst.c:709:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
var_lst_tmp[idx].nm=(char *)nco_free(var_lst_tmp[idx].nm);
data/nco-4.9.5/src/nco/nco_var_rth.c:1157:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(op2.vp),(void *)(op1.vp),sz*nco_typ_lng(type));
data/nco-4.9.5/src/nco/nco_var_utl.c:436:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
var_out.nm=(char *)strdup(var_lst[var_idx]->nm);
data/nco-4.9.5/src/nco/nco_var_utl.c:732:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:820:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)var_cpy,(const void *)var,sizeof(var_sct));
data/nco-4.9.5/src/nco/nco_var_utl.c:829:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->val.vp),(void *)(var->val.vp),var_cpy->sz*nco_typ_lng(var_cpy->type));
data/nco-4.9.5/src/nco/nco_var_utl.c:851:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->mss_val.vp),(void *)(var->mss_val.vp),nco_typ_lng(var_cpy->type));
data/nco-4.9.5/src/nco/nco_var_utl.c:855:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->tally),(void *)(var->tally),var_cpy->sz*sizeof(long));
data/nco-4.9.5/src/nco/nco_var_utl.c:859:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->wgt_sum),(void *)(var->wgt_sum),var_cpy->sz*sizeof(double));
data/nco-4.9.5/src/nco/nco_var_utl.c:863:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->dim),(void *)(var->dim),var_cpy->nbr_dim*sizeof(var->dim[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:867:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->dmn_id),(void *)(var->dmn_id),var_cpy->nbr_dim*sizeof(var->dmn_id[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:871:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->cnk_sz),(void *)(var->cnk_sz),var_cpy->nbr_dim*sizeof(var->cnk_sz[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:875:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->cnt),(void *)(var->cnt),var_cpy->nbr_dim*sizeof(var->cnt[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:879:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->srt),(void *)(var->srt),var_cpy->nbr_dim*sizeof(var->srt[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:883:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->end),(void *)(var->end),var_cpy->nbr_dim*sizeof(var->end[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:887:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->srd),(void *)(var->srd),var_cpy->nbr_dim*sizeof(var->srd[0]));
data/nco-4.9.5/src/nco/nco_var_utl.c:891:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->scl_fct.vp),(void *)(var->scl_fct.vp),nco_typ_lng(var_cpy->typ_upk));
data/nco-4.9.5/src/nco/nco_var_utl.c:895:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_cpy->add_fst.vp),(void *)(var->add_fst.vp),nco_typ_lng(var_cpy->typ_upk));
data/nco-4.9.5/src/nco/nco_var_utl.c:1121:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(op2.vp),(void *)(op1.vp),sz*nco_typ_lng(var_typ));
data/nco-4.9.5/src/nco/nco_var_utl.c:1409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_trg_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1499:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_trg_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1653:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_trg_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1725:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1726:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_trg_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1800:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_trg_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/nco_var_utl.c:1988:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm[NC_MAX_NAME];
data/nco-4.9.5/src/nco/ncpdq.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncpdq.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncpdq.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncpdq.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncpdq.c:399:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncpdq.c:755:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_rdr[idx_rdr]->nm=(char *)strdup(dmn_rdr_lst_in[idx_rdr]);
data/nco-4.9.5/src/nco/ncpdq.c:764:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_rdr[idx_rdr]->nm=(char *)nco_free(dmn_rdr[idx_rdr]->nm);
data/nco-4.9.5/src/nco/ncpdq.c:905:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv->nm)) nco_xcp_prc(var_trv->nm,var_prc_out[idx]->type,var_prc_out[idx]->sz,(char *)var_prc_out[idx]->val.vp);
data/nco-4.9.5/src/nco/ncpdq.c:1002:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_rdr_trv[idx_rdr]->nm=(char *)nco_free(dmn_rdr_trv[idx_rdr]->nm);
data/nco-4.9.5/src/nco/ncpdq.c:1003:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dmn_rdr_trv[idx_rdr]->nm_fll=(char *)nco_free(dmn_rdr_trv[idx_rdr]->nm_fll);
data/nco-4.9.5/src/nco/ncpdq.c:1038:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncpdq.c:1039:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncpdq.c:1040:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncpdq.c:1042:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncpdq.c:1051:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco/ncra.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncra.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncra.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncra.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncra.c:515:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncra.c:1607:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv->nm)) nco_xcp_prc(var_trv->nm,var_prc_out[idx]->type,var_prc_out[idx]->sz,(char *)var_prc[idx]->val.vp);
data/nco-4.9.5/src/nco/ncra.c:1694:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv->nm)) nco_xcp_prc(var_trv->nm,var_prc_out[idx]->type,var_prc_out[idx]->sz,(char *)var_prc_out[idx]->val.vp);
data/nco-4.9.5/src/nco/ncra.c:1925:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
var_prc[idx_prc]->nm_fll=(char *)nco_free(var_prc[idx_prc]->nm_fll);
data/nco-4.9.5/src/nco/ncra.c:1945:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
var_prc[idx_prc]->nm_fll=(char *)nco_free(var_prc[idx_prc]->nm_fll);
data/nco-4.9.5/src/nco/ncra.c:2146:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncra.c:2147:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncra.c:2148:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncra.c:2150:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncra.c:2179:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco/ncrename.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *att_rnm_arg[NC_MAX_ATTRS];
data/nco-4.9.5/src/nco/ncrename.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dmn_rnm_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncrename.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *grp_rnm_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncrename.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *var_rnm_arg[NC_MAX_VARS];
data/nco-4.9.5/src/nco/ncrename.c:248:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncrename.c:349:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(fl_out) FL_OUT_NEW=True; else fl_out=(char *)strdup(fl_lst_in[0]);
data/nco-4.9.5/src/nco/ncrename.c:668:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_att_rnm;idx++) att_rnm_arg[idx]=(char *)nco_free(att_rnm_arg[idx]);
data/nco-4.9.5/src/nco/ncrename.c:669:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_dmn_rnm;idx++) dmn_rnm_arg[idx]=(char *)nco_free(dmn_rnm_arg[idx]);
data/nco-4.9.5/src/nco/ncrename.c:670:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_grp_rnm;idx++) grp_rnm_arg[idx]=(char *)nco_free(grp_rnm_arg[idx]);
data/nco-4.9.5/src/nco/ncrename.c:671:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(int idx=0;idx<nbr_var_rnm;idx++) var_rnm_arg[idx]=(char *)nco_free(var_rnm_arg[idx]);
data/nco-4.9.5/src/nco/ncwa.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aux_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncwa.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnk_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncwa.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lmt_arg[NC_MAX_DIMS];
data/nco-4.9.5/src/nco/ncwa.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ppc_arg[NC_MAX_VARS]; /* [sng] PPC arguments */
data/nco-4.9.5/src/nco/ncwa.c:436:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
opt_crr=(char *)strdup(opt_lng[opt_idx].name);
data/nco-4.9.5/src/nco/ncwa.c:762:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<dmn_avg_nbr;idx++) dmn_avg_lst_in[idx]=(char *)strdup(dim[idx]->nm);
data/nco-4.9.5/src/nco/ncwa.c:1026:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void *)(var_prc_out[idx]->val.vp),(void *)(var_prc[idx]->val.vp),var_prc_out[idx]->sz*nco_typ_lng(var_prc_out[idx]->type));
data/nco-4.9.5/src/nco/ncwa.c:1205:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(nco_is_xcp(var_trv->nm)) nco_xcp_prc(var_trv->nm,var_prc_out[idx]->type,var_prc_out[idx]->sz,(char *)var_prc_out[idx]->val.vp);
data/nco-4.9.5/src/nco/ncwa.c:1293:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<aux_nbr;idx++) aux_arg[idx]=(char *)nco_free(aux_arg[idx]);
data/nco-4.9.5/src/nco/ncwa.c:1294:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) lmt_arg[idx]=(char *)nco_free(lmt_arg[idx]);
data/nco-4.9.5/src/nco/ncwa.c:1295:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<ppc_nbr;idx++) ppc_arg[idx]=(char *)nco_free(ppc_arg[idx]);
data/nco-4.9.5/src/nco/ncwa.c:1297:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<cnk_nbr;idx++) cnk_arg[idx]=(char *)nco_free(cnk_arg[idx]);
data/nco-4.9.5/src/nco/ncwa.c:1310:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for(idx=0;idx<lmt_nbr;idx++) flg_dne[idx].dim_nm=(char *)nco_free(flg_dne[idx].dim_nm);
data/nco-4.9.5/src/nco_c++/nco_att.cc:313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_nm_chr[NC_MAX_NAME];
data/nco-4.9.5/src/nco_c++/nco_dmn.cc:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmn_nm_chr[NC_MAX_NAME];
data/nco-4.9.5/src/nco_c++/nco_var.cc:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_chr[NC_MAX_NAME];
data/nco-4.9.5/src/nco_c++/nco_var.cc:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_nm_chr[NC_MAX_NAME];
data/nco-4.9.5/src/nco_c++/nco_var.cc:1133:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
var_val=new char *[var_sz]; // [frc] Variable value
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:1970:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(units_sng,var_att->val.cp,var_att->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:3660:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_long_name->sz=strlen(bnds_txt);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:3663:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att_long_name->val.cp, bnds_txt, att_long_name->sz );
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:4932:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer,(char*)var_add->val.vp, var_add->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5073:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, var_regexp->val.cp, var_regexp->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5186:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, var_in->val.cp, var_in->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5612:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fmt_sng,var_fmt->val.cp, var_fmt->sz);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5675:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz=strlen(cp);
data/nco-4.9.5/src/nco++/fmc_all_cls.cc:5679:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var->val.cp,cp,sz);
data/nco-4.9.5/src/nco++/ncap2.cc:554:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_lng=strlen(spt_arg[idx]);
data/nco-4.9.5/src/nco++/ncap2_att.cc:62:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, var_att->val.cp, var_att->sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:173:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln_nm=(char *)nco_malloc((strlen(var_nm)+strlen(att_nm)+2)*sizeof(char));
data/nco-4.9.5/src/nco++/ncap2_att.cc:173:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln_nm=(char *)nco_malloc((strlen(var_nm)+strlen(att_nm)+2)*sizeof(char));
data/nco-4.9.5/src/nco++/ncap2_att.cc:174:24: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(ln_nm,var_nm);strcat(ln_nm,"@");strcat(ln_nm,att_nm);
data/nco-4.9.5/src/nco++/ncap2_att.cc:380:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, var->val.cp, var->sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:382:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, var->val.cp,nw_sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:455:11: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void)strcpy(dlm_sng,"");
data/nco-4.9.5/src/nco++/ncap2_att.cc:545:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp+=strlen(tp);
data/nco-4.9.5/src/nco++/ncap2_att.cc:553:11: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
(void)strcpy(dlm_sng,"");
data/nco-4.9.5/src/nco++/ncap2_att.cc:561:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ;att_lmn++) { (void)sprintf(tp,att_sng,var->val.fp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:564:151: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ;att_lmn++) { (void)sprintf(tp,att_sng,var->val.dp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:567:149: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.sp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:570:155: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,(long)var->val.ip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:575:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tp,var->val.cp,att_sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:583:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp+=strlen(tp);
data/nco-4.9.5/src/nco++/ncap2_att.cc:589:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.bp[att_lmn], (att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:592:151: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.ubp[att_lmn], (att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:595:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.usp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:598:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.uip[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:601:151: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.i64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:604:152: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max;att_lmn++) { (void)sprintf(tp,att_sng,var->val.ui64p[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : ""); tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:607:152: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(att_lmn=0;att_lmn<att_sz && tp<cp_max ; att_lmn++) { (void)sprintf(tp,att_sng,var->val.sngp[att_lmn],(att_lmn != att_sz-1) ? dlm_sng : "");tp+=strlen(tp); }
data/nco-4.9.5/src/nco++/ncap2_att.cc:622:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp=(char*)nco_realloc(cp, sizeof(char) * (strlen(cp)+1));
data/nco-4.9.5/src/nco++/ncap2_att.cc:655:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, var_att->val.cp, var_att->sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:686:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cstr, var_att->val.cp, var_att->sz);
data/nco-4.9.5/src/nco++/ncap2_att.cc:722:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var_att->val.cp, att_txt.c_str(), att_txt.size());
data/nco-4.9.5/src/nco++/ncap2_utl.cc:24:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(spaths)==0)
data/nco-4.9.5/src/nco++/ncoLexer.hpp:76:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( spaths && strlen(spaths) >0 )
data/nco-4.9.5/src/nco++/ncoTree.cpp:1188:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var->sz=strlen(tsng);
data/nco-4.9.5/src/nco++/ncoTree.cpp:1193:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var->val.cp,tsng,(size_t)var->sz);
data/nco-4.9.5/src/nco++/ncoTree.cpp:4212:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, var_rhs->val.cp , var_rhs->sz);
data/nco-4.9.5/src/nco/mpncbo.c:501:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncbo.c:797:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/mpncecat.c:467:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncecat.c:759:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/mpncflint.c:485:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncflint.c:722:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/mpncpdq.c:490:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncpdq.c:944:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/mpncra.c:532:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncra.c:781:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/mpncwa.c:560:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/mpncwa.c:877:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(prc_rnk == rnk_mgr) fl_nm_lng=(int)strlen(fl_out_tmp);
data/nco-4.9.5/src/nco/ncecat.c:805:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_in_lng=strlen(fl_in);
data/nco-4.9.5/src/nco/ncecat.c:831:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe_arg_lng=strlen(stb_srt_psn)-sfx_lng;
data/nco-4.9.5/src/nco/ncecat.c:833:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
gpe_arg=strncpy(gpe_arg,stb_srt_psn,strlen(stb_srt_psn)-sfx_lng);
data/nco-4.9.5/src/nco/ncecat.c:833:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe_arg=strncpy(gpe_arg,stb_srt_psn,strlen(stb_srt_psn)-sfx_lng);
data/nco-4.9.5/src/nco/ncks.c:697:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec_dmn_nm=(char *)nco_malloc((strlen(fix_pfx)+strlen(optarg)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/ncks.c:697:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec_dmn_nm=(char *)nco_malloc((strlen(fix_pfx)+strlen(optarg)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/ncks.c:982:31: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(!nco_spn_lck_brk) usleep(nco_spn_lck_us); /* Spinlock. fxm: should probably insert a sched_yield */
data/nco-4.9.5/src/nco/ncks.c:1382:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prn_flg.smr_sng=smr_sng=(char *)nco_malloc((strlen(fl_in)+300L*sizeof(char))); /* [sng] File summary string */
data/nco-4.9.5/src/nco/nco_att_utl.c:778:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_var.sz=att_sz=strlen(att_var.val.sngp[0]);
data/nco-4.9.5/src/nco/nco_att_utl.c:869:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_in_lst_sng_lng+=strlen(fl_lst_in[fl_idx]);
data/nco-4.9.5/src/nco/nco_att_utl.c:901:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_in_lst_aed.sz=(long int)strlen(fl_in_lst_sng)+1L;
data/nco-4.9.5/src/nco/nco_att_utl.c:955:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(time_stamp_sng,ctime_sng,TIME_STAMP_SNG_LNG-1UL);
data/nco-4.9.5/src/nco/nco_att_utl.c:969:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(time_stamp_sng)+strlen(fl_in)+strlen(att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:969:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(time_stamp_sng)+strlen(fl_in)+strlen(att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:969:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(time_stamp_sng)+strlen(fl_in)+strlen(att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:969:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(time_stamp_sng)+strlen(fl_in)+strlen(att_nm_hst);
data/nco-4.9.5/src/nco/nco_att_utl.c:989:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(fl_in)+strlen(att_nm)+strlen(hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:989:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(fl_in)+strlen(att_nm)+strlen(hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:989:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(fl_in)+strlen(att_nm)+strlen(hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:989:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng_fmt)+strlen(fl_in)+strlen(att_nm)+strlen(hst_crr);
data/nco-4.9.5/src/nco/nco_att_utl.c:1008:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng)+strlen(time_stamp_sng)+2UL;
data/nco-4.9.5/src/nco/nco_att_utl.c:1008:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=strlen(hst_sng)+strlen(time_stamp_sng)+2UL;
data/nco-4.9.5/src/nco/nco_att_utl.c:1032:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prv_new=(char *)nco_malloc((strlen(prv_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1032:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prv_new=(char *)nco_malloc((strlen(prv_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1032:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prv_new=(char *)nco_malloc((strlen(prv_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1036:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd+=nco_put_att(out_id,NC_GLOBAL,att_nm,NC_CHAR,(long int)(strlen(prv_new)),(void *)prv_new);
data/nco-4.9.5/src/nco/nco_att_utl.c:1081:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(time_stamp_sng,ctime_sng,TIME_STAMP_SNG_LNG-1UL);
data/nco-4.9.5/src/nco/nco_att_utl.c:1096:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hst_new=(char *)nco_malloc((strlen(hst_sng)+strlen(time_stamp_sng)+3UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1096:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hst_new=(char *)nco_malloc((strlen(hst_sng)+strlen(time_stamp_sng)+3UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1118:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hst_new=(char *)nco_malloc((strlen(hst_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1118:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hst_new=(char *)nco_malloc((strlen(hst_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1118:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hst_new=(char *)nco_malloc((strlen(hst_crr)+strlen(hst_sng)+strlen(time_stamp_sng)+4UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_att_utl.c:1122:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd+=nco_put_att(out_id,NC_GLOBAL,att_nm,NC_CHAR,(long int)(strlen(hst_new)+1UL),(void *)hst_new);
data/nco-4.9.5/src/nco/nco_att_utl.c:1325:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_lst[idx].sz=(arg_lst[idx_att_val_arg] == NULL) ? 0L : strlen(arg_lst[idx_att_val_arg])+0L; /* Behavior 2 (like ncgen) */
data/nco-4.9.5/src/nco/nco_att_utl.c:1363:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nan_trap,arg_lst[idx_att_val_arg],chr_nbr);
data/nco-4.9.5/src/nco/nco_att_utl.c:1484:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_nm_lng=strlen(rnm_att->old_nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1504:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obj_nm_lng=strlen(rnm_att->old_nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1528:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_nm_lng=strlen(rnm_att->new_nm);
data/nco-4.9.5/src/nco/nco_att_utl.c:1555:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_lng=strlen(grp_nm_fll_in);
data/nco-4.9.5/src/nco/nco_att_utl.c:1602:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_lng=strlen(grp_nm_fll_in);
data/nco-4.9.5/src/nco/nco_att_utl.c:1625:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_lng=gpe->lng_cnn+strlen(grp_out);
data/nco-4.9.5/src/nco/nco_att_utl.c:1664:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_lng=strlen(grp_out)+gpe->lng_cnn;
data/nco-4.9.5/src/nco/nco_att_utl.c:1764:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
gpe->nm=(char *)strncpy(gpe->nm,gpe->arg,spr_cp-gpe->arg); /* [sng] Group name */
data/nco-4.9.5/src/nco/nco_att_utl.c:1769:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbr_lng=strlen(nbr_sng);
data/nco-4.9.5/src/nco/nco_att_utl.c:1793:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe->lng_edt=strlen(gpe->edt); /* [nbr] Length of editing component of full GPE specification */
data/nco-4.9.5/src/nco/nco_att_utl.c:1802:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe->lng=strlen(gpe->nm); /* [nbr] Length of user-specified group path */
data/nco-4.9.5/src/nco/nco_att_utl.c:1905:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_arg_2=rnm_arg[idx]+strlen(rnm_arg[idx])-comma_1_cp-1;
data/nco-4.9.5/src/nco/nco_att_utl.c:1951:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_cpp[strlen(vrs_cpp)-1L]='\0';
data/nco-4.9.5/src/nco/nco_att_utl.c:1956:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_sng_xtn=(char *)nco_malloc(strlen(vrs_pfx)+strlen(vrs_sng)+strlen(vrs_sfx)+1L);
data/nco-4.9.5/src/nco/nco_att_utl.c:1956:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_sng_xtn=(char *)nco_malloc(strlen(vrs_pfx)+strlen(vrs_sng)+strlen(vrs_sfx)+1L);
data/nco-4.9.5/src/nco/nco_att_utl.c:1956:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_sng_xtn=(char *)nco_malloc(strlen(vrs_pfx)+strlen(vrs_sng)+strlen(vrs_sfx)+1L);
data/nco-4.9.5/src/nco/nco_att_utl.c:1968:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_sng_aed.sz=strlen(vrs_sng_xtn)+1L;
data/nco-4.9.5/src/nco/nco_att_utl.c:2012:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gaa_aed.sz=strlen(gaa_aed.val.cp);
data/nco-4.9.5/src/nco/nco_att_utl.c:2139:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var_val,var_val_p1,var_sz);
data/nco-4.9.5/src/nco/nco_att_utl.c:2145:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var_val,ctime_sng+11,8);
data/nco-4.9.5/src/nco/nco_att_utl.c:2206:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(att_val_sng) aed_mtd.sz=strlen(att_val); else aed_mtd.sz=0L;
data/nco-4.9.5/src/nco/nco_cln_utl.c:153:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(lcl_sng);
data/nco-4.9.5/src/nco/nco_cln_utl.c:226:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(lcl_sng);
data/nco-4.9.5/src/nco/nco_cln_utl.c:956:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(ptr == val_unt_sng || strlen(++ptr) < 1L){
data/nco-4.9.5/src/nco/nco_cnv_arm.c:145:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)nco_put_att(nc_id,time_id,units_sng,NC_CHAR,(long int)(strlen(att_units)+1UL),(const void *)att_units);
data/nco-4.9.5/src/nco/nco_cnv_arm.c:146:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)nco_put_att(nc_id,time_id,long_name_sng,NC_CHAR,(long int)(strlen(att_long_name)+1UL),(const void *)att_long_name);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:508:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:527:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed.sz+=strlen(dmn_rdc[dmn_idx_rdc]->nm);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:562:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed.sz+=2L+strlen(att_op_sng);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:645:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(aed.val.cp,att_val_cpy,aed.sz-1L);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:679:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_lng=strlen(aed.val.cp);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:689:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_sng_lng=strlen(dmn_rdc[dmn_idx_rdc]->nm);
data/nco-4.9.5/src/nco/nco_cnv_csm.c:698:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aed.val.cp,att_val,sbs_sng_lng);
data/nco-4.9.5/src/nco/nco_ctl.c:843:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(nm_out_tmp); /* cut any '.exe' from name */
data/nco-4.9.5/src/nco/nco_fl_utl.c:225:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
usr_rpl=(char)fgetc(stdin);
data/nco-4.9.5/src/nco/nco_fl_utl.c:227:41: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(usr_rpl == '\n') usr_rpl=(char)fgetc(stdin);
data/nco-4.9.5/src/nco/nco_fl_utl.c:229:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do{garbage=fgetc(stdin);} while(garbage != '\n' && garbage != EOF);
data/nco-4.9.5/src/nco/nco_fl_utl.c:326:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_cp=(char *)nco_malloc((strlen(cmd_cp_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:326:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_cp=(char *)nco_malloc((strlen(cmd_cp_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:326:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_cp=(char *)nco_malloc((strlen(cmd_cp_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:437:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((int)strlen(argv[idx]) >= fl_nm_sz_wrn) (void)fprintf(stderr,"%s: WARNING filename %s is very long (%ld characters) and may not play well with older operating systems\n",nco_prg_nm_get(),argv[idx],(long int)strlen(argv[idx]));
data/nco-4.9.5/src/nco/nco_fl_utl.c:437:217: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((int)strlen(argv[idx]) >= fl_nm_sz_wrn) (void)fprintf(stderr,"%s: WARNING filename %s is very long (%ld characters) and may not play well with older operating systems\n",nco_prg_nm_get(),argv[idx],(long int)strlen(argv[idx]));
data/nco-4.9.5/src/nco/nco_fl_utl.c:490:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_dmm_lng=strlen(nco_prg_nm_get())+strlen(tmp_sng_1)+8UL+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:490:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_dmm_lng=strlen(nco_prg_nm_get())+strlen(tmp_sng_1)+8UL+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:599:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lng=strlen(bfr_in);
data/nco-4.9.5/src/nco/nco_fl_utl.c:616:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((chr_foo=getchar()) != '\n' && chr_foo != EOF){
data/nco-4.9.5/src/nco/nco_fl_utl.c:727:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_sng_lng=strlen(sftp_url_sng);
data/nco-4.9.5/src/nco/nco_fl_utl.c:730:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_sng_lng=strlen(ftp_url_sng);
data/nco-4.9.5/src/nco/nco_fl_utl.c:744:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lcl=(char *)nco_malloc(strlen(fl_pth_lcl_tmp)+1UL);
data/nco-4.9.5/src/nco/nco_fl_utl.c:813:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_sng_lng=strlen(http_url_sng);
data/nco-4.9.5/src/nco/nco_fl_utl.c:823:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lcl=(char *)nco_malloc(strlen(fl_pth_lcl_tmp)+1UL);
data/nco-4.9.5/src/nco/nco_fl_utl.c:846:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lcl=(char *)nco_malloc(strlen(fl_pth_lcl_tmp)+1UL);
data/nco-4.9.5/src/nco/nco_fl_utl.c:884:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lcl=(char *)nco_malloc((strlen(fl_pth_lcl)+strlen(fl_nm_stub)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:884:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_lcl=(char *)nco_malloc((strlen(fl_pth_lcl)+strlen(fl_nm_stub)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:886:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(fl_nm_lcl,"/");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1000:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_netrc=(char *)nco_realloc(fl_nm_netrc,(strlen(fl_nm_netrc)+strlen(fl_stb_netrc)+2UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1000:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_netrc=(char *)nco_realloc(fl_nm_netrc,(strlen(fl_nm_netrc)+strlen(fl_stb_netrc)+2UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1047:23: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(host_nm_lcl,".");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1053:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usr_email=(char *)nco_malloc((strlen(usr_nm)+1UL+strlen(host_nm_lcl)+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1053:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usr_email=(char *)nco_malloc((strlen(usr_nm)+1UL+strlen(host_nm_lcl)+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1061:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_netrc_tpl)+strlen(ftp_cmd_netrc)+strlen(host_nm_rmt)-4UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1061:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_netrc_tpl)+strlen(ftp_cmd_netrc)+strlen(host_nm_rmt)-4UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1061:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_netrc_tpl)+strlen(ftp_cmd_netrc)+strlen(host_nm_rmt)-4UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1065:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_anonymous_tpl)+strlen(ftp_cmd_anonymous)+strlen(host_nm_rmt)+strlen(usr_email)-6UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1065:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_anonymous_tpl)+strlen(ftp_cmd_anonymous)+strlen(host_nm_rmt)+strlen(usr_email)-6UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1065:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_anonymous_tpl)+strlen(ftp_cmd_anonymous)+strlen(host_nm_rmt)+strlen(usr_email)-6UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1065:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt_ftp=(char *)nco_malloc((strlen(fmt_ftp_anonymous_tpl)+strlen(ftp_cmd_anonymous)+strlen(host_nm_rmt)+strlen(usr_email)-6UL+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1194:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(fl_nm_stub != fl_nm_lcl) fl_pth_lcl_lng=strlen(fl_nm_lcl)-strlen(fl_nm_stub)-1UL; else fl_pth_lcl_lng=0L;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1194:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(fl_nm_stub != fl_nm_lcl) fl_pth_lcl_lng=strlen(fl_nm_lcl)-strlen(fl_nm_stub)-1UL; else fl_pth_lcl_lng=0L;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1197:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(fl_pth_lcl_tmp,fl_nm_lcl,fl_pth_lcl_lng);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1211:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_sys=(char *)nco_malloc((strlen(cmd_mkdir)+fl_pth_lcl_lng+2UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1213:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(cmd_sys," ");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1230:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_sys=(char *)nco_malloc((strlen(rmt_cmd->fmt)-rmt_cmd->fmt_chr_nbr+strlen(fl_nm_lcl)+strlen(fl_nm_rmt)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1230:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_sys=(char *)nco_malloc((strlen(rmt_cmd->fmt)-rmt_cmd->fmt_chr_nbr+strlen(fl_nm_lcl)+strlen(fl_nm_rmt)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1230:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_sys=(char *)nco_malloc((strlen(rmt_cmd->fmt)-rmt_cmd->fmt_chr_nbr+strlen(fl_nm_lcl)+strlen(fl_nm_rmt)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1360:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_mv=(char *)nco_malloc((strlen(cmd_mv_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1360:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_mv=(char *)nco_malloc((strlen(cmd_mv_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1360:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_mv=(char *)nco_malloc((strlen(cmd_mv_fmt)+strlen(fl_src_cdl)+strlen(fl_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1459:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-3,".nc",3))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1461:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-3,".h5",3))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1463:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-4,".cdf",4))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1465:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-4,".hdf",4))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1467:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-4,".hd5",4))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1469:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strncmp(fl_lst_in[0]+strlen(fl_lst_in[0])-4,".he5",4))
data/nco-4.9.5/src/nco/nco_fl_utl.c:1473:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm_1st_dgt=fl_lst_in[0]+strlen(fl_lst_in[0])-fl_nm_nbr_dgt-fl_nm_sfx_lng;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1475:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
fl_nm_nbr_sng=strncpy(fl_nm_nbr_sng,fl_nm_1st_dgt,(size_t)fl_nm_nbr_dgt);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1516:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(fl_nm+(fl_nm_1st_dgt-fl_lst_in[0]),fl_nm_nbr_sng,(size_t)fl_nm_nbr_dgt);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1529:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm=(char *)nco_malloc((strlen(fl_nm_stub)+strlen(fl_pth)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1529:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_nm=(char *)nco_malloc((strlen(fl_nm_stub)+strlen(fl_pth)+2)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1536:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(fl_pth) < 8UL) is_url=False; else{
data/nco-4.9.5/src/nco/nco_fl_utl.c:1538:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
sng=strncpy(sng,fl_pth,8);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1545:22: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(is_url) (void)strcat(fl_nm,"/"); else (void)strcat(fl_nm,"\\");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1545:52: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(is_url) (void)strcat(fl_nm,"/"); else (void)strcat(fl_nm,"\\");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1548:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(fl_nm,"/");
data/nco-4.9.5/src/nco/nco_fl_utl.c:1761:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_lng=strlen(fl_out)+1UL+strlen(tmp_sng_1)+strlen(pid_sng)+1UL+strlen(nco_prg_nm_get())+1UL+strlen(tmp_sng_2)+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1761:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_lng=strlen(fl_out)+1UL+strlen(tmp_sng_1)+strlen(pid_sng)+1UL+strlen(nco_prg_nm_get())+1UL+strlen(tmp_sng_2)+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1761:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_lng=strlen(fl_out)+1UL+strlen(tmp_sng_1)+strlen(pid_sng)+1UL+strlen(nco_prg_nm_get())+1UL+strlen(tmp_sng_2)+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1761:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_lng=strlen(fl_out)+1UL+strlen(tmp_sng_1)+strlen(pid_sng)+1UL+strlen(nco_prg_nm_get())+1UL+strlen(tmp_sng_2)+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1761:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_lng=strlen(fl_out)+1UL+strlen(tmp_sng_1)+strlen(pid_sng)+1UL+strlen(nco_prg_nm_get())+1UL+strlen(tmp_sng_2)+1UL;
data/nco-4.9.5/src/nco/nco_fl_utl.c:1765:312: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(nco_dbg_lvl_get() >= nco_dbg_sbr) (void)fprintf(stdout,"%s: %s reports sizeof(pid_t) = %d bytes, pid = %ld, pid_sng_lng = %ld bytes, strlen(pid_sng) = %ld bytes, fl_out_tmp_lng = %ld bytes, strlen(fl_out_tmp) = %ld, fl_out_tmp = %s\n",nco_prg_nm_get(),fnc_nm,(int)sizeof(pid_t),(long)pid,pid_sng_lng,(long)strlen(pid_sng),fl_out_tmp_lng,(long)strlen(fl_out_tmp),fl_out_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1765:349: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(nco_dbg_lvl_get() >= nco_dbg_sbr) (void)fprintf(stdout,"%s: %s reports sizeof(pid_t) = %d bytes, pid = %ld, pid_sng_lng = %ld bytes, strlen(pid_sng) = %ld bytes, fl_out_tmp_lng = %ld bytes, strlen(fl_out_tmp) = %ld, fl_out_tmp = %s\n",nco_prg_nm_get(),fnc_nm,(int)sizeof(pid_t),(long)pid,pid_sng_lng,(long)strlen(pid_sng),fl_out_tmp_lng,(long)strlen(fl_out_tmp),fl_out_tmp);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1786:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fl_out_tmp_sys=(char *)nco_malloc((strlen(fl_out)+7)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1797:164: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(nco_dbg_lvl_get() >= nco_dbg_scl) (void)fprintf(stdout,"%s: %s reports strlen(fl_out_tmp_sys) = %ld, fl_out_tmp_sys = %s, \n",nco_prg_nm_get(),fnc_nm,(long)strlen(fl_out_tmp_sys),fl_out_tmp_sys);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1894:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usr_rpl_lng=strlen(usr_rpl);
data/nco-4.9.5/src/nco/nco_fl_utl.c:1985:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rm_cmd=(char *)nco_malloc((strlen(rm_cmd_sys_dep)+1UL+strlen(fl_nm)+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_fl_utl.c:1985:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rm_cmd=(char *)nco_malloc((strlen(rm_cmd_sys_dep)+1UL+strlen(fl_nm)+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_getopt.c:218:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(longopts[ind].name) == (size_t) (charind - offset)) &&
data/nco-4.9.5/src/nco/nco_grp_trv.c:303:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll_lng=grp_nm_lng+strlen(var_nm);
data/nco-4.9.5/src/nco/nco_grp_trv.c:308:24: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(grp_nm_lng != 1L) strcat(var_nm_fll,"/");
data/nco-4.9.5/src/nco/nco_grp_trv.c:895:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_trv.c:895:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_trv.c:899:30: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(strcmp(grp_nm_fll,"/")) strcat(var_nm_fll,"/");
data/nco-4.9.5/src/nco/nco_grp_trv.c:931:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *nm_fll_sfx=(char*)nco_malloc(strlen(grp_nm_fll_prn)+strlen(trv_tbl->lst[tbl_idx].nm)+strlen(trv_tbl->nsm_sfx)+2L);
data/nco-4.9.5/src/nco/nco_grp_trv.c:931:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *nm_fll_sfx=(char*)nco_malloc(strlen(grp_nm_fll_prn)+strlen(trv_tbl->lst[tbl_idx].nm)+strlen(trv_tbl->nsm_sfx)+2L);
data/nco-4.9.5/src/nco/nco_grp_trv.c:931:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *nm_fll_sfx=(char*)nco_malloc(strlen(grp_nm_fll_prn)+strlen(trv_tbl->lst[tbl_idx].nm)+strlen(trv_tbl->nsm_sfx)+2L);
data/nco-4.9.5/src/nco/nco_grp_trv.c:933:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nm_fll_sfx,"/");
data/nco-4.9.5/src/nco/nco_grp_utl.c:116:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(strlen(grp_pth)){
data/nco-4.9.5/src/nco/nco_grp_utl.c:554:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nm_fll_lng=strlen(nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:555:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nm_lng=strlen(nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:556:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usr_sng_lng=strlen(usr_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:707:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usr_sng_lng=strlen(usr_sng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1317:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(spc_ptr) var_lng=spc_ptr-cln_ptr-2L; else var_lng=strlen(cln_ptr+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1321:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cf_lst[nbr_cf],cln_ptr+2L,var_lng);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1345:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cf_lst_var_nm_fll=(char *)nco_malloc(strlen(var_trv->grp_nm_fll)+strlen(cf_lst_var)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1345:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cf_lst_var_nm_fll=(char *)nco_malloc(strlen(var_trv->grp_nm_fll)+strlen(cf_lst_var)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1356:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strncmp(cf_lst_var,cur_dir_sng,strlen(cur_dir_sng)) == 0){
data/nco-4.9.5/src/nco/nco_grp_utl.c:1362:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strncmp(cf_lst_var,up_dir_sng,strlen(up_dir_sng)) == 0){
data/nco-4.9.5/src/nco/nco_grp_utl.c:1572:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll=(char *)nco_malloc(strlen(var_trv.grp_nm_fll)+strlen(dmn_nm_grp)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:1572:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll=(char *)nco_malloc(strlen(var_trv.grp_nm_fll)+strlen(dmn_nm_grp)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2505:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trv_tbl->lst[idx].nm_lng=strlen(grp_nm); /* [sng] Length of short name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2508:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trv_tbl->lst[idx].nm_fll_lng=strlen(grp_nm_fll);/* [sng] Length of full name */
data/nco-4.9.5/src/nco/nco_grp_utl.c:2585:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2585:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2622:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trv_tbl->lst[idx].nm_lng=strlen(var_nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2626:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trv_tbl->lst[idx].nm_fll_lng=strlen(var_nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2756:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(dmn_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2756:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(dmn_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2804:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:2804:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3212:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll_lng=strlen(var_trv->nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3213:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll_lng=strlen(dmn_trv->nm_fll);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3214:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_sng_lng=strlen(var_trv->nm);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3596:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe_var_nm_fll=(char*)nco_malloc(strlen(grp_out_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:3596:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpe_var_nm_fll=(char*)nco_malloc(strlen(grp_out_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5029:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll_out=(char *)nco_malloc(strlen(grp_dmn_out_fll)+strlen(dmn_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5029:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dmn_nm_fll_out=(char *)nco_malloc(strlen(grp_dmn_out_fll)+strlen(dmn_nm)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:5031:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(strcmp(grp_dmn_out_fll,"/")) strcat(dmn_nm_fll_out,"/");
data/nco-4.9.5/src/nco/nco_grp_utl.c:9173:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grp_nm_fll=(char *)nco_malloc(grp_nm_lng+strlen(trv_tbl->nsm[idx_nsm].grp_nm_fll_prn)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:9175:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(grp_nm_fll,"/");
data/nco-4.9.5/src/nco/nco_grp_utl.c:10275:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grp_nm_fll=(char *)nco_malloc(grp_nm_lng+strlen(trv_tbl->nsm[idx_nsm].grp_nm_fll_prn)+2L);
data/nco-4.9.5/src/nco/nco_grp_utl.c:10277:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(grp_nm_fll,"/");
data/nco-4.9.5/src/nco/nco_grp_utl.c:10761:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed.sz=strlen(grp_out_fll);
data/nco-4.9.5/src/nco/nco_lst_utl.c:95:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(mch_nbr && fmt_sng && strlen(fmt_sng)){
data/nco-4.9.5/src/nco/nco_lst_utl.c:98:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)nco_realloc(fmt_sng_new,(mch_psn_srt+strlen(fmt_sng)-mch_psn_end+2L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_lst_utl.c:317:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlm_lng=strlen(dlm_sng);
data/nco-4.9.5/src/nco/nco_lst_utl.c:348:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lst[idx]) == 0) lst[idx]=NULL;
data/nco-4.9.5/src/nco/nco_lst_utl.c:397:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlm_lng=strlen(dlm_sng);
data/nco-4.9.5/src/nco/nco_lst_utl.c:438:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sng_lst_out[idx]) == 0) sng_lst_out[idx]=NULL;
data/nco-4.9.5/src/nco/nco_lst_utl.c:468:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_len=strlen(sng_in);
data/nco-4.9.5/src/nco/nco_lst_utl.c:497:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_len=strlen(cp_ptr);
data/nco-4.9.5/src/nco/nco_lst_utl.c:776:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlm_lng=strlen(dlm_sng);
data/nco-4.9.5/src/nco/nco_lst_utl.c:779:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(lmn=0L;lmn<lmn_nbr;lmn++) sng_sz+=(sng_lst[lmn] == NULL) ? 0L : strlen(sng_lst[lmn])+dlm_lng;
data/nco-4.9.5/src/nco/nco_lst_utl.c:823:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(strlen(rgd_arr_lst[idx][jdx]) > 0)
data/nco-4.9.5/src/nco/nco_lst_utl.c:840:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(strlen(rgd_arr_lst[idx][sz]) > 0) sz++;
data/nco-4.9.5/src/nco/nco_map.c:604:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_cpp[strlen(vrs_cpp)-1L]='\0';
data/nco-4.9.5/src/nco/nco_map.c:1690:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(av);
data/nco-4.9.5/src/nco/nco_msa.c:1381:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_out.sz=strlen(var_out.val.sngp[0]);
data/nco-4.9.5/src/nco/nco_mta.c:60:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t end=strlen(srt);
data/nco-4.9.5/src/nco/nco_mta.c:100:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&args[absolute_pos],&args[absolute_pos+1L],strlen(args)-absolute_pos);
data/nco-4.9.5/src/nco/nco_mta.c:112:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&args[absolute_pos],&args[absolute_pos+1L],strlen(args)-absolute_pos);
data/nco-4.9.5/src/nco/nco_mta.c:147:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idx_lst[dlm_idx]=strlen(sng_tmp);
data/nco-4.9.5/src/nco/nco_mta.c:156:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sng_sz=idx_lst[dlm_idx+1]-idx_lst[dlm_idx]-strlen(delimiter);
data/nco-4.9.5/src/nco/nco_mta.c:158:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sng_fnl[dlm_idx],sng_tmp+idx_lst[dlm_idx]+strlen(delimiter),sng_sz);
data/nco-4.9.5/src/nco/nco_mta.c:265:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strstr(args,"=") == args+strlen(args)-1L){ // Equal sign is at argument end
data/nco-4.9.5/src/nco/nco_mta.c:319:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp_value=(char *)nco_realloc(temp_value,strlen(temp_value)+(value ? strlen(value) : 0)+1L);
data/nco-4.9.5/src/nco/nco_mta.c:319:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp_value=(char *)nco_realloc(temp_value,strlen(temp_value)+(value ? strlen(value) : 0)+1L);
data/nco-4.9.5/src/nco/nco_mta.c:349:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_lng+=strlen(sng_lst[sng_idx])+1L;
data/nco-4.9.5/src/nco/nco_mta.c:353:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tmp_lng=strlen(sng_lst[sng_idx]);
data/nco-4.9.5/src/nco/nco_netcdf.c:856:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd=strlen(fl_nm)+mode+sz;
data/nco-4.9.5/src/nco/nco_netcdf.c:872:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd=strlen(fl_nm)+mode+sz_ntl;
data/nco-4.9.5/src/nco/nco_netcdf.c:886:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd=strlen(fl_nm)+mode;
data/nco-4.9.5/src/nco/nco_netcdf.c:1944:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcd=NCO_PUT_ATT_CHAR(nc_id,*var_id,att_nm,NC_CHAR,(size_t)strlen(var_nm),(const nco_char *)var_nm);
data/nco-4.9.5/src/nco/nco_netcdf.c:3205:69: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
int nco_inq_grpname(const int nc_id,char * const grp_nm){if(grp_nm) strcpy(grp_nm,"/");return NC_NOERR;}
data/nco-4.9.5/src/nco/nco_ppc.c:289:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sng2mch,"^");
data/nco-4.9.5/src/nco/nco_prn.c:153:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:155:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:163:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:165:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:228:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:230:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:243:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:245:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:315:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:317:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:347:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:349:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:363:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:365:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:380:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_sz=att[idx].sz=strlen(val_hdn_sng);
data/nco-4.9.5/src/nco/nco_prn.c:382:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(att[idx].val.cp,val_hdn_sng,att_sz);
data/nco-4.9.5/src/nco/nco_prn.c:523:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spr_sng_lng=strlen(spr_sng);
data/nco-4.9.5/src/nco/nco_prn.c:622:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sng_val) sng_lng=strlen(sng_val); else sng_lng=0L;
data/nco-4.9.5/src/nco/nco_prn.c:1553:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)fprintf(stdout,var_sng,var_nm,idx_crr,idx_crr+strlen((char *)var.val.cp+lmn),(char *)var.val.cp+lmn,unit_sng);
data/nco-4.9.5/src/nco/nco_prn.c:1613:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(unit_sng) > 0) unit_sng=(char *)nco_free(unit_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2071:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(unit_sng_var && strlen(unit_sng_var)){
data/nco-4.9.5/src/nco/nco_prn.c:2261:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spr_sng_lng=strlen(spr_sng);
data/nco-4.9.5/src/nco/nco_prn.c:2414:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_lng=strlen(sng_val);
data/nco-4.9.5/src/nco/nco_prn.c:3111:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3111:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3267:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3267:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3314:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3314:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3561:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3561:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3666:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3666:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3867:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3867:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3941:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:3941:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:4156:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:4156:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(var_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:4261:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:4261:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_grp_nm_fll=(char *)nco_malloc(strlen(grp_nm_fll)+strlen(grp_nm)+2L);
data/nco-4.9.5/src/nco/nco_prn.c:4436:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(prn_flg->cdl && !prn_flg->xml) strcat(val_sng, "f");
data/nco-4.9.5/src/nco/nco_rgr.c:439:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ttl_lng=strlen(rgr->grd_ttl);
data/nco-4.9.5/src/nco/nco_rgr.c:3944:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd_crd.sz=strlen(lat_nm_out)+strlen(lon_nm_out)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:3944:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd_crd.sz=strlen(lat_nm_out)+strlen(lon_nm_out)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:3964:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val_cll_msr=(char *)nco_malloc((strlen(area_nm_out)+6L+1L)*nco_typ_lng(aed_mtd_cll_msr.type));
data/nco-4.9.5/src/nco/nco_rgr.c:3966:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd_cll_msr.sz=strlen(att_val_cll_msr);
data/nco-4.9.5/src/nco/nco_rgr.c:4307:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_calloc((strlen(lat_dmn_nm_out)+strlen(lon_dmn_nm_out)+8L),sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:4307:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_calloc((strlen(lat_dmn_nm_out)+strlen(lon_dmn_nm_out)+8L),sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:4316:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_calloc((strlen(lat_dmn_nm_out)+strlen(lon_dmn_nm_out)+8L),sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:4316:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_calloc((strlen(lat_dmn_nm_out)+strlen(lon_dmn_nm_out)+8L),sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:4419:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_rgr.c:6016:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rgr->drc_tps= (nvr_DATA_TEMPEST && strlen(nvr_DATA_TEMPEST) > 0L) ? (char *)strdup(nvr_DATA_TEMPEST) : (char *)strdup("/tmp");
data/nco-4.9.5/src/nco/nco_rgr.c:6031:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_rgr=(char *)nco_malloc((strlen(cmd_rgr_fmt)+strlen(fl_grd_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:6031:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_rgr=(char *)nco_malloc((strlen(cmd_rgr_fmt)+strlen(fl_grd_dst_cdl)-fmt_chr_nbr+1UL)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:9211:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_malloc((strlen(att_fmt)+strlen(rgr->fl_in)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:9211:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_malloc((strlen(att_fmt)+strlen(rgr->fl_in)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:9544:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_malloc((strlen(att_fmt)+strlen(rgr->fl_in)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:9544:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att_val=(char *)nco_malloc((strlen(att_fmt)+strlen(rgr->fl_in)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_rgr.c:9570:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(ndx_nm)+strlen(ndy_nm)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:9570:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(ndx_nm)+strlen(ndy_nm)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:9577:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(fcx_nm)+strlen(fcy_nm)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:9577:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(fcx_nm)+strlen(fcy_nm)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:9585:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(dgx_nm)+strlen(dgy_nm)+1L;
data/nco-4.9.5/src/nco/nco_rgr.c:9585:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(dgx_nm)+strlen(dgy_nm)+1L;
data/nco-4.9.5/src/nco/nco_scm.c:55:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cvs_nm_sng_len=(int)(dlr_ptr-cvs_nm_ptr-strlen(dlr_nm_cln_spc)); /* 7 is strlen("$Name: ") */
data/nco-4.9.5/src/nco/nco_scm.c:83:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
cvs_nm_sng=strncpy(cvs_nm_sng,cvs_Name+strlen(dlr_nm_cln_spc),(size_t)cvs_nm_sng_len); /* strlen("$Name: ") = 7 */
data/nco-4.9.5/src/nco/nco_scm.c:83:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cvs_nm_sng=strncpy(cvs_nm_sng,cvs_Name+strlen(dlr_nm_cln_spc),(size_t)cvs_nm_sng_len); /* strlen("$Name: ") = 7 */
data/nco-4.9.5/src/nco/nco_scm.c:87:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nco_sng_len=strlen(nco_sng);
data/nco-4.9.5/src/nco/nco_scm.c:97:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
cvs_mjr_vrs_sng=strncpy(cvs_mjr_vrs_sng,cvs_nm_sng+nco_sng_len+1,(size_t)cvs_mjr_vrs_len);
data/nco-4.9.5/src/nco/nco_scm.c:111:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
cvs_mnr_vrs_sng=strncpy(cvs_mnr_vrs_sng,usc_1_ptr+1,(size_t)cvs_mnr_vrs_len);
data/nco-4.9.5/src/nco/nco_scm.c:120:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
cvs_pch_vrs_sng=strncpy(cvs_pch_vrs_sng,usc_2_ptr+1,(size_t)cvs_pch_vrs_len);
data/nco-4.9.5/src/nco/nco_scm.c:180:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lbr_vrs_sng_lng=(size_t)strlen(lbr_sng);
data/nco-4.9.5/src/nco/nco_scm.c:185:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lbr_vrs_sng,lbr_sng,lbr_vrs_sng_lng);
data/nco-4.9.5/src/nco/nco_scm.c:192:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cmp_dat_sng,of_ptr+4ul,cmp_dat_sng_lng); /* 4 is the length of " of " */
data/nco-4.9.5/src/nco/nco_scm.c:241:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vrs_cpp[strlen(vrs_cpp)-1L]='\0';
data/nco-4.9.5/src/nco/nco_scm.c:245:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_scm.c:245:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_scm.c:249:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(date_cvs,strchr(CVS_Id,'/')-4,(size_t)date_cvs_lng);
data/nco-4.9.5/src/nco/nco_scm.c:256:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Revision) != strlen("*Revision*")){
data/nco-4.9.5/src/nco/nco_scm.c:256:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Revision) != strlen("*Revision*")){
data/nco-4.9.5/src/nco/nco_scm.c:260:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(vrs_rcs,strchr(CVS_Revision,':')+2L,(size_t)vrs_cvs_lng);
data/nco-4.9.5/src/nco/nco_scm.c:267:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_scm.c:267:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_scm.c:274:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_scm.c:274:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(CVS_Id) > strlen("*Id*")){
data/nco-4.9.5/src/nco/nco_sld.c:430:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sld.c:444:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sld.c:457:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sld.c:470:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sld.c:483:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sld.c:496:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/nco_sng_utl.c:150:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sng_lng=strlen(sng_in)+1UL;
data/nco-4.9.5/src/nco/nco_sng_utl.c:188:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_ln_sz+=(int)strlen(argv[idx])+1;
data/nco-4.9.5/src/nco/nco_sng_utl.c:197:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(cmd_ln," ");
data/nco-4.9.5/src/nco/nco_sng_utl.c:245:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nm_lng=strlen(nm_sng);
data/nco-4.9.5/src/nco/nco_sng_utl.c:340:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nm_lng=strlen(nm_sng);
data/nco-4.9.5/src/nco/nco_sng_utl.c:403:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nm_lng=strlen(nm_sng);
data/nco-4.9.5/src/nco/nco_sng_utl.c:515:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sng_lng=strlen(sng_val);
data/nco-4.9.5/src/nco/nco_sng_utl.c:689:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)memmove(backslash_ptr+1,backslash_ptr+2,(strlen(backslash_ptr+2)+1L)*sizeof(char));
data/nco-4.9.5/src/nco/nco_sng_utl.c:769:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end=vld_ptr+strlen(vld_ptr)+1UL;
data/nco-4.9.5/src/nco/nco_sng_utl.c:871:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *sng_end=usr_dta+strlen(usr_dta);
data/nco-4.9.5/src/nco/nco_uthash.h:259:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh,head,findstr,strlen(findstr),out)
data/nco-4.9.5/src/nco/nco_uthash.h:261:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD(hh,head,strfield,strlen(add->strfield),add)
data/nco-4.9.5/src/nco/nco_uthash.h:263:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced)
data/nco-4.9.5/src/nco/ncra.c:1125:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/ncra.c:1163:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
data/nco-4.9.5/src/nco/ncra.c:1194:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aed_mtd.sz=strlen(att_val);
ANALYSIS SUMMARY:
Hits = 1729
Lines analyzed = 144837 in approximately 5.45 seconds (26573 lines/second)
Physical Source Lines of Code (SLOC) = 101989
Hits@level = [0] 2622 [1] 380 [2] 757 [3] 30 [4] 561 [5] 1
Hits@level+ = [0+] 4351 [1+] 1729 [2+] 1349 [3+] 592 [4+] 562 [5+] 1
Hits/KSLOC@level+ = [0+] 42.6615 [1+] 16.9528 [2+] 13.2269 [3+] 5.80455 [4+] 5.5104 [5+] 0.00980498
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.